Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
Remediation
References
Related Vulnerabilities
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7570)
Atlassian Confluence CVE-2023-22505 Vulnerability (CVE-2023-22505)
WordPress Plugin Login by Auth0 Cross-Site Scripting (3.11.2)
Artifactory Improper Input Validation Vulnerability (CVE-2016-6501)
WordPress Plugin MAZ Loader-Preloader Builder for WordPress SQL Injection (1.3.2)