CVE-2018-14719: jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes

Severity: Critical

CVSS Score: 9.8

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.