Block one more gadget type (org.docx4j.org.apache:xalan-interpretive, CVE-2020-36183)

[cowtowncoder]

Another gadget type(s) reported regarding class(es) of org.docx4j.org.apache:xalan-interpretive library.
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Reporter(s): differ (of Zorelworld iLab team)
Mitre id: CVE-2020-36183

Note: derivative of #2469 (embedded Xalan)

Fix is included in:

• 2.9.10.8
• 2.6.7.5
• Not considered valid CVE for Jackson 2.10.0 and later (see https://medium.com/@cowtowncoder/jackson-2-10-safe-default-typing-2d018f0ce2ba)

[abergmann]

CVE-2020-36183 has been assigned to this issue.