CVE-2020-9548: jackson-databind: Serialization gadgets in anteros-core

Severity: Critical

CVSS Score: 9.8

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).