Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
Remediation
References