FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
Metrics
Affected Vendors & Products
References
History
Wed, 27 Aug 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-08-27T20:33:46.507Z
Reserved: 2020-12-27T00:00:00.000Z
Link: CVE-2020-35728

Updated: 2024-08-04T17:09:15.179Z

Status : Modified
Published: 2020-12-27T05:15:11.590
Modified: 2025-08-27T21:15:36.093
Link: CVE-2020-35728


No data.