Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
Remediation
References