Description
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
Remediation
References
Related Vulnerabilities
WordPress Plugin Newsletter Manager PHP Object Injection (1.5.1)
Joomla! Core 1.5.x Open Redirect (1.5.0 - 1.5.6)
Oracle Database Server CVE-2007-5505 Vulnerability (CVE-2007-5505)
WordPress Plugin myLinksDump 'url' Parameter SQL Injection (1.2)
Django URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-14574)