CVE-2020-36181

Deserialization of Untrusted Data in maven/com.fasterxml.jackson.core/jackson-databind

Identifiers

CVE-2020-36181

Package Slug

maven/com.fasterxml.jackson.core/jackson-databind

Vulnerability

Deserialization of Untrusted Data

Description

FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

Affected Versions

All versions starting from 2.9.0 and before 2.9.10.8

Solution

Upgrade to version 2.9.10.8 or above.

Last Modified

2021-01-12