CVE-2019-17267: jackson-databind: Serialization gadgets in classes of the ehcache package

Severity: Critical

CVSS Score: 9.8

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.