CVE
CVE-2020-35491
Serialization gadgets exploit in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
Endor Patches
Patch Name
Vulnerabilities fixed
Lines of Code Changed