Description
A flaw was discovered in jackson-databind versions before 2.9.10, 2.8.11.5 and 2.6.7.3: the library permits polymorphic deserialization of a malicious object using the JNDI classes from commons-configuration 1 and 2. An attacker could use this flaw to execute arbitrary code.
Remediation
References