Loading
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
Use CWE-502, Fasterxml vendor hub and Jackson-Databind product page to widen CVE-2020-14062 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2020-10650, CVE-2021-20190 and CVE-2020-36183 for nearby disclosures in the same product family.