Summary: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.Published: Wednesday, January 2, 2019 - 13:29cvss: