CVE-2018-14720



FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *