TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2020-24750

HIGH
8.1

Beschreibung

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

CVE Details

CVSS v3.1 Bewertung8.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht9/17/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

debian:debian_linuxfasterxml:jackson-databindoracle:agile_plmoracle:application_testing_suiteoracle:autovue_for_agile_product_lifecycle_managementoracle:banking_corporate_lending_process_managementoracle:banking_credit_facilities_process_managementoracle:banking_liquidity_managementoracle:banking_supply_chain_financeoracle:blockchain_platformoracle:communications_calendar_serveroracle:communications_contacts_serveroracle:communications_diameter_signaling_routeroracle:communications_element_manageroracle:communications_instant_messaging_serveroracle:communications_messaging_serveroracle:communications_offline_mediation_controlleroracle:communications_policy_managementoracle:communications_pricing_design_centeroracle:communications_services_gatekeeperoracle:communications_session_report_manageroracle:communications_session_route_manageroracle:communications_unified_inventory_managementoracle:identity_manager_connectororacle:siebel_core_-_server_frameworkoracle:siebel_ui_framework

Schwachen (CWE)

CWE-502

Referenzen

https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b(cve@mitre.org)
https://github.com/FasterXML/jackson-databind/issues/2798(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20201009-0003/(cve@mitre.org)
https://www.oracle.com//security-alerts/cpujul2021.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuApr2021.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuapr2022.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpujan2021.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpujan2022.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuoct2021.html(cve@mitre.org)
https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/FasterXML/jackson-databind/issues/2798(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20201009-0003/(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com//security-alerts/cpujul2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuApr2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.