CVE-2020-9547: jackson-databind: Serialization gadgets in ibatis-sqlmap

Severity: Critical

CVSS Score: 9.8

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).