CVE-2020-36183

Deserialization of Untrusted Data in maven/com.fasterxml.jackson.core/jackson-databind

Identifier

CVE-2020-36183

Package Slug

maven/com.fasterxml.jackson.core/jackson-databind

Vulnerability

Deserialization of Untrusted Data

Description

FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

Affected Versions

All versions from 2.0.0 up to, but not including, 2.9.10.8

Solution

Upgrade to version 2.9.10.8 or above.

Last Modified

2021-01-12
