TROYANOSYVIRUS
Retour aux CVEs

CVE-2020-24750

HIGH
8.1

Description

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

Details CVE

Score CVSS v3.18.1
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteHIGH
Privileges requisNONE
Interaction utilisateurNONE
Publie9/17/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

debian:debian_linuxfasterxml:jackson-databindoracle:agile_plmoracle:application_testing_suiteoracle:autovue_for_agile_product_lifecycle_managementoracle:banking_corporate_lending_process_managementoracle:banking_credit_facilities_process_managementoracle:banking_liquidity_managementoracle:banking_supply_chain_financeoracle:blockchain_platformoracle:communications_calendar_serveroracle:communications_contacts_serveroracle:communications_diameter_signaling_routeroracle:communications_element_manageroracle:communications_instant_messaging_serveroracle:communications_messaging_serveroracle:communications_offline_mediation_controlleroracle:communications_policy_managementoracle:communications_pricing_design_centeroracle:communications_services_gatekeeperoracle:communications_session_report_manageroracle:communications_session_route_manageroracle:communications_unified_inventory_managementoracle:identity_manager_connectororacle:siebel_core_-_server_frameworkoracle:siebel_ui_framework

Faiblesses (CWE)

CWE-502

References

https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b(cve@mitre.org)
https://github.com/FasterXML/jackson-databind/issues/2798(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20201009-0003/(cve@mitre.org)
https://www.oracle.com//security-alerts/cpujul2021.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuApr2021.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuapr2022.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpujan2021.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpujan2022.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuoct2021.html(cve@mitre.org)
https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/FasterXML/jackson-databind/issues/2798(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20201009-0003/(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com//security-alerts/cpujul2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuApr2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.