Public CVE-2020-35448 disclosure

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

Link not working? No problem! With VULNMAP you always have guaranteed access to security information thanks to reliable backups.

Our backup links ensure that critical data remains always available, even in case of unavailability of original sites.