Serialization Vulnerability in Jackson Databind by FasterXML
CVE-2020-36182

8.1HIGH

Key Information:

Vendor

Fasterxml

Status
Jackson-databind
Vendor
CVE Published:
7 January 2021

What is CVE-2020-36182?

The vulnerability in FasterXML's jackson-databind library arises from the improper handling of serialization gadgets and types, specifically concerning the interaction with org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. This issue could potentially be exploited in scenarios where untrusted data is serialized and deserialized, leading to various security issues. Developers using versions earlier than 2.9.10.8 should consider updating to mitigate associated risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://cowtowncoder.medium.com/on-jackson-cves-dont-pani...
x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/3004
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021/04/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.