CVE-2020-36180

Deserialization of Untrusted Data in maven/com.fasterxml.jackson.core/jackson-databind

Identifier

CVE-2020-36180

Package Slug

maven/com.fasterxml.jackson.core/jackson-databind

Vulnerability

Deserialization of Untrusted Data

Description

FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

Affected Versions

All versions starting from 2.0.0 before 2.9.10.8

Solution

Upgrade to version 2.9.10.8 or above.

Last Modified

2021-01-12

source