Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Certificate Validation Vulnerability (CVE-2025-66614)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-8235)
WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker SQL Injection (7.1.11)
XWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-7223)