Open mend-for-github-com[bot] opened 4 years ago
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/jmx2graphite/pom.xml
Path to vulnerable library: downloadResource_13441175-5a70-46fd-9bd1-16f58b00e3c3/20200310104446/jackson-databind-2.9.10.3.jar
Dependency Hierarchy: - :x: **jackson-databind-2.9.10.3.jar** (Vulnerable Library)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
Publish Date: 2020-03-18
URL: CVE-2020-10673
Base Score Metrics: - Exploitability Metrics: - Attack Vector: N/A - Attack Complexity: N/A - Privileges Required: N/A - User Interaction: N/A - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A
CVE-2020-10673 - Medium Severity Vulnerability
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/jmx2graphite/pom.xml
Path to vulnerable library: downloadResource_13441175-5a70-46fd-9bd1-16f58b00e3c3/20200310104446/jackson-databind-2.9.10.3.jar
Dependency Hierarchy: - :x: **jackson-databind-2.9.10.3.jar** (Vulnerable Library)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
Publish Date: 2020-03-18
URL: CVE-2020-10673
Base Score Metrics: - Exploitability Metrics: - Attack Vector: N/A - Attack Complexity: N/A - Privileges Required: N/A - User Interaction: N/A - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A
For more information on CVSS3 Scores, click here.