jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.6. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and system availability...