Description
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct XML external entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
Remediation
References