CVE-2020-10969

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-10969

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10969.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-10969

Aliases

GHSA-758m-v56v-grj4

Related

Published

2020-03-26T13:15:13Z

Modified

2024-09-18T03:06:24.862753Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

References

Affected packages

Debian:11 / jackson-databind

Package

Name: jackson-databind
Purl: pkg:deb/debian/jackson-databind?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / jackson-databind

Package

Name: jackson-databind
Purl: pkg:deb/debian/jackson-databind?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / jackson-databind

Package

Name: jackson-databind
Purl: pkg:deb/debian/jackson-databind?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/fasterxml/jackson-databind

Affected ranges

Type: GIT
Repo: https://github.com/fasterxml/jackson-databind
Events: Introduced

50791cc7856376949287e0be3e96147665ab8f68

Fixed

e8697cdbf415028b171f9b7698f3308eda00a3c7

Affected versions

jackson-databind-2.*

jackson-databind-2.6.5

jackson-databind-2.6.6

jackson-databind-2.6.7

jackson-databind-2.6.7.1

jackson-databind-2.7.0

jackson-databind-2.7.1

jackson-databind-2.7.1-1

jackson-databind-2.7.2

jackson-databind-2.7.3

jackson-databind-2.7.4

jackson-databind-2.7.5

jackson-databind-2.7.6

jackson-databind-2.7.7

jackson-databind-2.7.8

jackson-databind-2.7.9

jackson-databind-2.7.9.1

jackson-databind-2.7.9.2

jackson-databind-2.7.9.3

jackson-databind-2.7.9.4

jackson-databind-2.7.9.5

jackson-databind-2.7.9.6