Identifier

CVE-2020-24616

Package Slug

maven/com.fasterxml.jackson.core/jackson-databind

Vulnerability

Deserialization of Untrusted Data

Description

FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

Affected Versions

All versions from 2.0.0 up to, but not including, 2.9.10.6

Solution

Upgrade to version 2.9.10.6 or above.

Last Modified

2020-09-04
