Description
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.