CVE-2020-10968
- Source
- https://cve.org/CVERecord?id=CVE-2020-10968
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10968.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-10968
- Aliases
- Downstream
- Related
- Published
- 2020-03-26T13:15:12.970Z
- Modified
- 2026-02-06T05:17:35.506146Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
- References
-
- https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
- https://github.com/FasterXML/jackson-databind/issues/2662
- https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
- https://security.netapp.com/advisory/ntap-20200403-0002/
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://github.com/FasterXML/jackson-databind/issues/2662
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
Affected packages
Git / github.com/fasterxml/jackson-databind
Affected versions
jackson-databind-2.*
jackson-databind-2.10.0
jackson-databind-2.10.0.pr1
jackson-databind-2.10.0.pr2
jackson-databind-2.10.0.pr3
jackson-databind-2.10.1
jackson-databind-2.10.2
jackson-databind-2.10.3
jackson-databind-2.10.4
jackson-databind-2.10.5
jackson-databind-2.10.5.1
jackson-databind-2.11.0
jackson-databind-2.11.0.rc1
jackson-databind-2.11.1
jackson-databind-2.11.2
jackson-databind-2.11.3
jackson-databind-2.11.4
jackson-databind-2.12.0
jackson-databind-2.12.0-rc1
jackson-databind-2.12.0-rc2
jackson-databind-2.12.1
jackson-databind-2.12.2
jackson-databind-2.12.3
jackson-databind-2.12.4
jackson-databind-2.12.5
jackson-databind-2.12.6
jackson-databind-2.12.6.1
jackson-databind-2.12.7
jackson-databind-2.12.7.1
jackson-databind-2.12.7.2
jackson-databind-2.13.0
jackson-databind-2.13.0-rc1
jackson-databind-2.13.0-rc2
jackson-databind-2.13.1
jackson-databind-2.13.2
jackson-databind-2.13.2.1
jackson-databind-2.13.2.2
jackson-databind-2.13.3
jackson-databind-2.13.4
jackson-databind-2.13.4.1
jackson-databind-2.13.4.2
jackson-databind-2.13.5
jackson-databind-2.14.0
jackson-databind-2.14.0-rc1
jackson-databind-2.14.0-rc2
jackson-databind-2.14.0-rc3
jackson-databind-2.14.1
jackson-databind-2.14.2
jackson-databind-2.14.3
jackson-databind-2.15.0
jackson-databind-2.15.0-rc1
jackson-databind-2.15.0-rc2
jackson-databind-2.15.0-rc3
jackson-databind-2.15.1
jackson-databind-2.15.2
jackson-databind-2.15.3
jackson-databind-2.15.4
jackson-databind-2.16.0
jackson-databind-2.16.0-rc1
jackson-databind-2.16.1
jackson-databind-2.16.2
jackson-databind-2.17.0
jackson-databind-2.17.0-rc1
jackson-databind-2.17.1
jackson-databind-2.17.2
jackson-databind-2.17.3
jackson-databind-2.18.0
jackson-databind-2.18.0-rc1
jackson-databind-2.18.1
jackson-databind-2.18.2
jackson-databind-2.18.3
jackson-databind-2.18.4
jackson-databind-2.18.5
jackson-databind-2.19.0
jackson-databind-2.19.0-rc2
jackson-databind-2.19.1
jackson-databind-2.19.2
jackson-databind-2.19.3
jackson-databind-2.19.4
jackson-databind-2.20.0
jackson-databind-2.20.0-rc1
jackson-databind-2.20.1
jackson-databind-2.20.2
jackson-databind-2.21.0
jackson-databind-2.6.7.1
jackson-databind-2.7.9.2
jackson-databind-2.7.9.3
jackson-databind-2.7.9.4
jackson-databind-2.7.9.5
jackson-databind-2.7.9.6
jackson-databind-2.7.9.7
jackson-databind-2.8.10
jackson-databind-2.8.11
jackson-databind-2.8.11.1
jackson-databind-2.8.11.2
jackson-databind-2.8.11.3
jackson-databind-2.8.11.4
jackson-databind-2.8.11.5
jackson-databind-2.8.11.6
jackson-databind-2.9.0
jackson-databind-2.9.1
jackson-databind-2.9.10
jackson-databind-2.9.10.1
jackson-databind-2.9.10.2
jackson-databind-2.9.10.3
jackson-databind-2.9.10.4
jackson-databind-2.9.10.5
jackson-databind-2.9.10.6
jackson-databind-2.9.10.7
jackson-databind-2.9.10.8
jackson-databind-2.9.2
jackson-databind-2.9.3
jackson-databind-2.9.4
jackson-databind-2.9.5
jackson-databind-2.9.6
jackson-databind-2.9.7
jackson-databind-2.9.8
jackson-databind-2.9.9
jackson-databind-2.9.9.1
jackson-databind-2.9.9.2
jackson-databind-2.9.9.3
jackson-databind-3.*
jackson-databind-3.0.0
jackson-databind-3.0.0-rc1
jackson-databind-3.0.0-rc10
jackson-databind-3.0.0-rc2
jackson-databind-3.0.0-rc3
jackson-databind-3.0.0-rc4
jackson-databind-3.0.0-rc5
jackson-databind-3.0.0-rc6
jackson-databind-3.0.0-rc7
jackson-databind-3.0.0-rc8
jackson-databind-3.0.0-rc9
jackson-databind-3.0.1
jackson-databind-3.0.2
jackson-databind-3.0.3
jackson-databind-3.0.4
jackson-databind-3.1.0-rc1