Closed mend-for-github-com[bot] closed 3 years ago
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/sawmill/sawmill-core/pom.xml
Path to vulnerable library: epository/com/fasterxml/jackson/core/jackson-databind/2.9.10.1/jackson-databind-2.9.10.1.jar
Dependency Hierarchy: - :x: **jackson-databind-2.9.10.1.jar** (Vulnerable Library)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
Publish Date: 2020-03-02
URL: CVE-2020-9548
Base Score Metrics not available
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9548
Release Date: 2020-03-02
Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.10.3
CVE-2020-9548 - Medium Severity Vulnerability
Vulnerable Library - jackson-databind-2.9.10.1.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/sawmill/sawmill-core/pom.xml
Path to vulnerable library: epository/com/fasterxml/jackson/core/jackson-databind/2.9.10.1/jackson-databind-2.9.10.1.jar
Dependency Hierarchy: - :x: **jackson-databind-2.9.10.1.jar** (Vulnerable Library)
Vulnerability Details
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
Publish Date: 2020-03-02
URL: CVE-2020-9548
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9548
Release Date: 2020-03-02
Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.10.3