jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...