Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2010-0852 Vulnerability (CVE-2010-0852)
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19205)
Apache HTTP Server Other Vulnerability (CVE-2000-1204)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-0218)