CVE-2020-35490

FasterXML/jackson-databind

on github

Published

December 17, 2020

Severity

CVSS v3:

8.1 HIGH

CVSS v2:

6.8 MEDIUM

Description

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

References

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.0.0 (including)	2.9.10.8	*
cpe:2.3:a:netapp:service_level_manager:-:::::::*	n/a	n/a	-
cpe:2.3:o:debian:debian_linux:9.0:::::::*	n/a	n/a	9.0
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*	n/a	n/a	12.2.1.3.0
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:::::::*	n/a	n/a	13.3.0.1
cpe:2.3:a:oracle:banking_platform:2.6.2:::::::*	n/a	n/a	2.6.2
cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*	n/a	n/a	9.3.6
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*	n/a	n/a	12.2.1.4.0
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*	n/a	n/a	7.0
cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:::::::*	n/a	n/a	15.0.3
cpe:2.3:a:oracle:banking_platform:2.7.0:::::::*	n/a	n/a	2.7.0
cpe:2.3:a:oracle:banking_platform:2.7.1:::::::*	n/a	n/a	2.7.1
cpe:2.3:a:oracle:banking_platform:2.9.0:::::::*	n/a	n/a	2.9.0
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:::::::*	n/a	n/a	7.1
cpe:2.3:a:oracle:banking_platform:2.8.0:::::::*	n/a	n/a	2.8.0
cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:::::::*	n/a	n/a	14.3.0
cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:::::::*	n/a	n/a	11.2.0
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:::::::*	n/a	n/a	6.3
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:::::::*	n/a	n/a	6.4
cpe:2.3:a:oracle:communications_diameter_signaling_router::::::::	8.0.0 (including)	8.5.0 (including)	*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*	n/a	n/a	7.4.1
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:::::::*	n/a	n/a	16.0.6
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:::::::*	n/a	n/a	17.0.4
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:::::::*	n/a	n/a	18.0.3
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:::::::*	n/a	n/a	19.0.2
cpe:2.3:a:oracle:banking_platform:2.10.0:::::::*	n/a	n/a	2.10.0
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:::::::*	n/a	n/a	1.4.0
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:::::::*	n/a	n/a	21.0.2
cpe:2.3:a:oracle:documaker:12.6.3:::::::*	n/a	n/a	12.6.3
cpe:2.3:a:oracle:documaker:12.6.4:::::::*	n/a	n/a	12.6.4
cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:::::::*	n/a	n/a	14.2.0
cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:::::::*	n/a	n/a	14.5.0
cpe:2.3:a:oracle:banking_treasury_management:14.4:::::::*	n/a	n/a	14.4
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:::::::*	n/a	n/a	12.0.0.4.0
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:::::::*	n/a	n/a	1.14.0
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:::::::*	n/a	n/a	10.0.1.5.0
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:::::::*	n/a	n/a	12.0.0.3
cpe:2.3:a:oracle:blockchain_platform::::::::	n/a	21.1.2 (including)	*

External Links

NVD - CVE-2020-35490