Description
MyBatis before 3.5.6 mishandles deserialization of object streams.
Remediation
References
https://github.com/mybatis/mybatis-3/compare/mybatis-3.5.5...mybatis-3.5.6
https://github.com/mybatis/mybatis-3/pull/2079
Related Vulnerabilities
CVE-2019-1010206 Vulnerability in maven package com.github.kevinsawicki:http-request
CVE-2023-47322 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web
CVE-2022-35949 Vulnerability in maven package org.webjars.npm:undici
CVE-2022-21830 Vulnerability in npm package @rocket.chat/livechat