A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.debian.org/security/2017/dsa-4004
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
https://security.netapp.com/advisory/ntap-20171214-0002/
https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html
https://github.com/FasterXML/jackson-databind/issues/1723
https://github.com/FasterXML/jackson-databind/issues/1599
https://cwiki.apache.org/confluence/display/WW/S2-055
https://bugzilla.redhat.com/show_bug.cgi?id=1462702
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:0910
https://access.redhat.com/errata/RHSA-2018:1450
https://access.redhat.com/errata/RHSA-2018:1449
https://access.redhat.com/errata/RHSA-2018:0342
https://access.redhat.com/errata/RHSA-2018:0294
https://access.redhat.com/errata/RHSA-2017:3458
https://access.redhat.com/errata/RHSA-2017:3456
https://access.redhat.com/errata/RHSA-2017:3455
https://access.redhat.com/errata/RHSA-2017:3454
https://access.redhat.com/errata/RHSA-2017:3141
https://access.redhat.com/errata/RHSA-2017:2638
https://access.redhat.com/errata/RHSA-2017:2637
https://access.redhat.com/errata/RHSA-2017:2636
https://access.redhat.com/errata/RHSA-2017:2635
https://access.redhat.com/errata/RHSA-2017:2633
https://access.redhat.com/errata/RHSA-2017:2547
https://access.redhat.com/errata/RHSA-2017:2546
https://access.redhat.com/errata/RHSA-2017:2477
https://access.redhat.com/errata/RHSA-2017:1840
https://access.redhat.com/errata/RHSA-2017:1839
https://access.redhat.com/errata/RHSA-2017:1837
https://access.redhat.com/errata/RHSA-2017:1836
https://access.redhat.com/errata/RHSA-2017:1835
https://access.redhat.com/errata/RHSA-2017:1834
http://www.securitytracker.com/id/1040360
http://www.securitytracker.com/id/1039947
http://www.securitytracker.com/id/1039744
http://www.securityfocus.com/bid/99623
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html