Another gadget type reported regarding a class of apache-log4j-extras package.
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Mitre id: CVE-2019-17531
Reporter: 张先辉 Zhangxianhui

Fix will be included in:

• 2.9.10.1
• 2.8.11.5
• 2.6.7.3
• does not affect 2.10.0 and later