Description
MyBatis before 3.5.6 mishandles deserialization of object streams.
Remediation
References
https://github.com/mybatis/mybatis-3/compare/mybatis-3.5.5...mybatis-3.5.6
https://github.com/mybatis/mybatis-3/pull/2079
Related Vulnerabilities
CVE-2017-1000391 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-10382 Vulnerability in maven package org.jenkins-ci.plugins:labmanager
CVE-2023-37961 Vulnerability in maven package org.jenkins-ci.plugins:assembla-auth
CVE-2020-2224 Vulnerability in maven package org.jenkins-ci.plugins:matrix-project
CVE-2021-23353 Vulnerability in maven package org.webjars.bower:jspdf