Description
MyBatis before 3.5.6 mishandles deserialization of object streams.
Remediation
References
https://github.com/mybatis/mybatis-3/compare/mybatis-3.5.5...mybatis-3.5.6
https://github.com/mybatis/mybatis-3/pull/2079
Related Vulnerabilities
CVE-2022-31170 Vulnerability in npm package @openzeppelin/contracts
CVE-2018-17196 Vulnerability in maven package org.apache.kafka:kafka-clients
CVE-2019-10786 Vulnerability in npm package network-manager
CVE-2019-16552 Vulnerability in maven package com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
CVE-2023-26486 Vulnerability in maven package org.webjars.npm:vega-functions