CVE-2020-14060

Publication date

2020-06-14 20:46:47

Family

mitre

State

PUBLISHED

Description

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).