CVE-2018-14720: jackson-databind: exfiltration/XXE in some JDK classes

Severity: Critical

CVSS Score: 9.8

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.