Description
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
Remediation
References
Related Vulnerabilities
WordPress Plugin Vuukle Comments, Reactions, Share Bar, Revenue Unspecified Vulnerability (4.0.2)
Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.25)
WordPress Plugin Bricks Remote Code Execution (1.9.6)
MySQL CVE-2019-2802 Vulnerability (CVE-2019-2802)
WordPress Plugin Kento Post View Counter Multiple Vulnerabilities (2.8)