← Voltar para CVEs
CVE-2020-35491
HIGH8.1
Descricao
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
Detalhes CVE
Pontuacao CVSS v3.18.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado12/17/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
debian:debian_linuxfasterxml:jackson-databindnetapp:service_level_manageroracle:agile_plmoracle:application_testing_suiteoracle:autovue_for_agile_product_lifecycle_managementoracle:banking_platformoracle:banking_treasury_managementoracle:banking_virtual_account_managementoracle:blockchain_platformoracle:communications_cloud_native_core_policyoracle:communications_cloud_native_core_unified_data_repositoryoracle:communications_diameter_signaling_routeoracle:communications_evolved_communications_application_serveroracle:communications_instant_messaging_serveroracle:communications_offline_mediation_controlleroracle:communications_pricing_design_centeroracle:communications_services_gatekeeperoracle:communications_unified_inventory_managementoracle:documakeroracle:insurance_policy_administration_j2eeoracle:retail_customer_management_and_segmentation_foundationoracle:retail_merchandising_systemoracle:retail_xstore_point_of_serviceoracle:sd-wan_edgeoracle:webcenter_portal
Fraquezas (CWE)
CWE-502
Referencias
https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062(cve@mitre.org)
https://github.com/FasterXML/jackson-databind/issues/2986(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20210122-0005/(cve@mitre.org)
https://www.oracle.com//security-alerts/cpujul2021.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuApr2021.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuapr2022.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpujan2022.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpujul2022.html(cve@mitre.org)
https://www.oracle.com/security-alerts/cpuoct2021.html(cve@mitre.org)
https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/FasterXML/jackson-databind/issues/2986(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210122-0005/(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com//security-alerts/cpujul2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuApr2021.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.