CVE-2018-14720

Summary:

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Published:

Wednesday, January 2, 2019 - 13:29

cvss: