cbcvebase.
CVE-2020-10969
published 2020-03-26

CVE-2020-10969: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

High 8.8 (CVSS 3.1)
AV:N AC:L PR:N UI:R S:U C:H I:H A:H

Affected

61 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | debian_linux | | |
| debian | jackson-databind | < jackson-databind 2.11.1-1 (bookworm) | jackson-databind 2.11.1-1 (bookworm) |
| fasterxml | jackson-databind | >= 0 < 2.11.1-1 | 2.11.1-1 |
| fasterxml | jackson-databind | >= 0 < 2.11.1-1 | 2.11.1-1 |
| fasterxml | jackson-databind | >= 0 < 2.11.1-1 | 2.11.1-1 |
| fasterxml | jackson-databind | >= 0 < 2.11.1-1 | 2.11.1-1 |
| fasterxml | jackson-databind | >= 0 < 2.4.2-3ubuntu0.1~esm2 | 2.4.2-3ubuntu0.1~esm2 |
| fasterxml | jackson-databind | >= 2.7.0 < 2.7.9.7 | 2.7.9.7 |
| fasterxml | jackson-databind | >= 2.8.0 < 2.8.11.6 | 2.8.11.6 |
| fasterxml | jackson-databind | >= 2.9.0 < 2.9.10.4 | 2.9.10.4 |
| oracle | agile_plm | | |
| oracle | autovue_for_agile_product_lifecycle_management | | |
| oracle | banking_digital_experience | | |
| oracle | banking_digital_experience | | |
| oracle | banking_digital_experience | | |
| oracle | banking_digital_experience | | |
| oracle | banking_digital_experience | | |
| oracle | banking_digital_experience | | |
| oracle | banking_platform | 2.4.0 – 2.9.0 | |
| oracle | communications_calendar_server | | |
| oracle | communications_contacts_server | | |
| oracle | communications_contacts_server | | |
| oracle | communications_diameter_signaling_router | 8.0.0 – 8.2.2 | |
| oracle | communications_element_manager | 8.2.0 – 8.2.2 | |
| oracle | communications_evolved_communications_application_server | | |

CVSS provenance

nvd: v3.1, 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL