CVE-2020-36183

Publication date

2021-01-06 22:30:15

Family

mitre

State

PUBLISHED

Description

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.