CVE-2020-36183
maven/com.fasterxml.jackson.core/jackson-databind
Deserialization of Untrusted Data
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
All versions starting from 2.9.0 before 2.9.10.8
Upgrade to version 2.9.10.8 or above.
2021-01-12
source |