There are two potential remote code execution (RCE) vulnerabilities in jackson-databind before 2.9.6. Note, this version (2.9.6) ships bundled with pycharm-community-2018.3.3 (https://github.com/FasterXML/jackson-databind/issues/2052): CVE-2018-12022: Block polymorphic deserialization of types from Jodd-db library (https://github.com/FasterXML/jackson-databind/issues/2058): CVE-2018-12023: Block polymorphic deserialization of types from Oracle JDBC driver Gentoo Security Padawan (domhnall)
Package removed from the Portage tree. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6599dc1625a0840c6280b60cc6cacf388fc8d049