Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
Remediation
References