CVE-2020-26945 – MyBatis before 3.5.6 mishandles deserialization of object streams.

MyBatis before 3.5.6 mishandles deserialization of object streams.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26945

Reference (s):

• https://github.com/mybatis/mybatis-3/compare/mybatis-3.5.5 mybatis-3.5.6
• https://github.com/mybatis/mybatis-3/pull/2079