Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
Remediation
References
Related Vulnerabilities
PHP Improper Access Control Vulnerability (CVE-2015-8838)
WordPress Plugin Comments-wpDiscuz Cross-Site Request Forgery (3.2.8)
WordPress Plugin Simple Photo Gallery Cross-Site Scripting (1.8.0)
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.30)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1599)