Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).