Block two more gadget types (ehcache/JNDI - CVE-2019-20330)

[cowtowncoder]

Another 2 gadget (*) types reported related to JNDI access.
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Mitre id: CVE-2019-20330
Original discoverer: UltramanGaia

Fixed in:

• 2.9.10.2 (jackson-bom version 2.9.10.20200223)
• 2.8.11.5 (jackson-bom version 2.8.11.20200210)
• 2.7.9.7
• does not affect 2.10.0 and later

[cowtowncoder]

2.9.10.2 was released, along with jackson-bom of 2.9.10.20200103.

[cowtowncoder]

I think Mitre allocated id is: CVE-2019-20330

(but haven't seen confirmation, possibly due to email issues wrt fasterxml.org)

[rabiihlioui]

I think Mitre allocated id is: CVE-2019-20330

(but haven't seen confirmation, possibly due to email issues wrt fasterxml.org)

2.9.10.2 was released, along with jackson-bom of 2.9.10.20200103.

Jackson-databind is not getting downloaded from maven after changing the version to 2.9.10.2 in my project's pom.xml.