CVE-2020-25649

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-25649
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25649.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-25649
Aliases
Downstream
Related
Published
2020-12-03T17:15:12.503Z
Modified
2026-03-15T21:45:05.570558Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

References

Affected packages

Git / github.com/FasterXML/jackson-databind

Affected ranges

Type
GIT
Repo
https://github.com/FasterXML/jackson-databind
Events
Introduced
21f90cf247018c1286cc20544029782450dc270a
Fixed
fe5805bb27111c6fd010b04e7dc92a7536869301
Introduced
e969f0a31b781f5dfb74e16ddd5ee4b4fa36e8d8
Fixed
d0e9952ea70d1af5c512322a32456f237afb9e9b
Introduced
a1eedfdeea46f2a8da0ed23f06e7e1d39050499b
Fixed
94484ca0177dd02c3ed83a5a5bbbcffc07a44d03
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3739d9dfbf24b6822b90274ba346ad209eb289fd
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
50791cc7856376949287e0be3e96147665ab8f68
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ce9dc07af83f77568a613fd45a86f58c93ba1a02
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
81929fad84189ce59ef82e7a6d0df795eb0c7cdb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e969f0a31b781f5dfb74e16ddd5ee4b4fa36e8d8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a1eedfdeea46f2a8da0ed23f06e7e1d39050499b
Database specific 
{
    "versions": [
        {
            "introduced": "2.6.0"
        },
        {
            "fixed": "2.6.7.4"
        },
        {
            "introduced": "2.9.0"
        },
        {
            "fixed": "2.9.10.7"
        },
        {
            "introduced": "2.10.0"
        },
        {
            "fixed": "2.10.5.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.10.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/apache/iotdb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
06adff7fad83c324aaeb90160766ecfd0bd2b84a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.12.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/quarkusio/quarkus
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
76871146a2f242c252fc43676f43756adca218e2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
dc364b898175400962224393f9eb82d3e0ab2efb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
78c7b1ddd04d9cc2c2a939dbeed9e8c8e223435a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.4.0"
        }
    ]
}

Affected versions

jackson-databind-2.*
jackson-databind-2.5.5
jackson-databind-2.6.0
jackson-databind-2.6.1
jackson-databind-2.6.2
jackson-databind-2.6.3
jackson-databind-2.6.4
jackson-databind-2.6.5
jackson-databind-2.6.6
jackson-databind-2.6.7
jackson-databind-2.6.7.1
jackson-databind-2.6.7.2
jackson-databind-2.6.7.3
jackson-databind-2.7.0
jackson-databind-2.7.0-rc1
jackson-databind-2.7.0-rc2
jackson-databind-2.7.0-rc3
jackson-databind-2.7.1
jackson-databind-2.7.1-1
jackson-databind-2.7.2
jackson-databind-2.7.3
jackson-databind-2.7.4
jackson-databind-2.7.5
jackson-databind-2.7.6
jackson-databind-2.7.7
jackson-databind-2.7.8
jackson-databind-2.7.9
jackson-databind-2.7.9.1
jackson-databind-2.7.9.2
jackson-databind-2.7.9.3
jackson-databind-2.7.9.4
jackson-databind-2.7.9.5
jackson-databind-2.7.9.6
jackson-databind-2.7.9.7
jackson-databind-2.8.0
jackson-databind-2.8.1
jackson-databind-2.8.10
jackson-databind-2.8.11
jackson-databind-2.8.11.1
jackson-databind-2.8.11.2
jackson-databind-2.8.11.3
jackson-databind-2.8.11.4
jackson-databind-2.8.11.5
jackson-databind-2.8.11.6
jackson-databind-2.8.2
jackson-databind-2.8.3
jackson-databind-2.8.4
jackson-databind-2.8.5
jackson-databind-2.8.6
jackson-databind-2.8.7
jackson-databind-2.8.8
jackson-databind-2.8.8.1
jackson-databind-2.8.9
jackson-databind-2.9.0
jackson-databind-2.9.0.pr1
jackson-databind-2.9.0.pr2
jackson-databind-2.9.0.pr3
jackson-databind-2.9.0.pr4
jackson-databind-2.9.1
jackson-databind-2.9.10
jackson-databind-2.9.10.1
jackson-databind-2.9.10.2
jackson-databind-2.9.10.3
jackson-databind-2.9.10.4
jackson-databind-2.9.10.5
jackson-databind-2.9.10.6
jackson-databind-2.9.2
jackson-databind-2.9.3
jackson-databind-2.9.4
jackson-databind-2.9.5
jackson-databind-2.9.6
jackson-databind-2.9.7
jackson-databind-2.9.8
jackson-databind-2.9.9
jackson-databind-2.9.9.1
jackson-databind-2.9.9.2
jackson-databind-2.9.9.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25649.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.3.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "18.1"
            },
            {
                "last_affected": "18.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "20.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "21.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "21.1.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1.1.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.3.0"
            },
            {
                "last_affected": "11.3.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.5.0.23.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.4.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0.1.5.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.4.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.1.0.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.1.0"
            },
            {
                "last_affected": "11.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.1.0"
            },
            {
                "last_affected": "11.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "9.2.5.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "9.2.5.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.7"
            },
            {
                "last_affected": "17.12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.12.0"
            },
            {
                "last_affected": "17.12.11"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "18.8.0"
            },
            {
                "last_affected": "18.8.11"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "19.12.0"
            },
            {
                "last_affected": "19.12.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "20.12.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.1.3.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0.3.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "17.0.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.0.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "20.0.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.3.0.5.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.3.0.6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.4.0.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.4.0.2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.4.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.1"
            }
        ]
    }
]