CVE-2020-35491

Publication date

2020-12-17 18:43:41

Family

mitre

State

PUBLISHED

Description

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.