Mybatis Team · Mybatis · CVE-2020-26945
**Name of the Vulnerable Software and Affected Versions**
MyBatis versions prior to 3.5.6
**Description**
The issue is related to the mishandling of deserialization of object streams, which can lead to potential cache poisoning. This could potentially allow for remote code execution.
**Recommendations**
For versions prior to 3.5.6, update to version 3.5.6 or later to resolve the issue. As a temporary workaround, consider restricting deserialization of object streams to minimize the risk of exploitation.