Block one more gadget type (weblogic/oracle-aqjms, CVE-2020-14061)

[cowtowncoder]

Another gadget type(s) reported regarding class(es) of aqapi.jar library, included in Weblogic (for Oracle AQ/JMS support).

See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Mitre id: CVE-2020-14061
Reporter(s): Fangrun Li (Cloud Security Team at Qihoo 360)

Fix will be included in:

• 2.9.10.5
• Not considered valid CVE for Jackson 2.10.0 and later (see https://medium.com/@cowtowncoder/jackson-2-10-safe-default-typing-2d018f0ce2ba)