CVE-2020-24616

Description:
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

CWE: CWE-94

CVSS score
CVSS 2: MEDIUM – 6.8 (Version: 2.0)
CVSS 3: HIGH – 8.1 (Version: 3.1)

Links:

NVD – CVE-2020-24616
CVE – CVE-2020-24616

Link (max. 20) Source Tags
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 MISC Exploit Third Party Advisory Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/2814 MISC Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20200904-0006/ CONFIRM Third Party Advisory Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html MISC Third Party Advisory VDB Entry Third Party Advisory
[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update MLIST Mailing List Third Party Advisory
[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari – CVE-2020-5398, CVE-2020-5421 MLIST Mailing List Vendor Advisory Third Party Advisory
[ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari – CVE-2020-5398, CVE-2020-5421 MLIST Mailing List Third Party Advisory
[hive-dev] 20201022 [jira] [Created] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421 MLIST Mailing List Third Party Advisory
[hive-issues] 20201022 [jira] [Updated] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421 MLIST Mailing List Third Party Advisory
[hive-issues] 20201022 [jira] [Assigned] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421 MLIST Third Party Advisory
[pulsar-commits] 20201022 [GitHub] [pulsar] Ghatage opened a new pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421 MLIST Mailing List Third Party Advisory
[pulsar-commits] 20201023 [GitHub] [pulsar] Ghatage commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421 MLIST Mailing List Third Party Advisory
[pulsar-commits] 20201026 [GitHub] [pulsar] wolfstudy commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421 MLIST Mailing List Third Party Advisory
[pulsar-commits] 20201028 [GitHub] [pulsar] merlimat merged pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421 MLIST Mailing List Third Party Advisory
[ignite-user] 20201117 Query on CVE-2020-5421 MLIST Mailing List Third Party Advisory
[ignite-user] 20201119 Re: Query on CVE-2020-5421 MLIST Mailing List Third Party Advisory
[hive-issues] 20210107 [jira] [Resolved] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421 MLIST Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html MISC Mailing List Third Party Advisory
[zookeeper-notifications] 20201123 [GitHub] [zookeeper] eolivelli commented on pull request #1549: ZOOKEEPER-4017. Owasp check failing – Jetty 9.4.32 – CVE-2020-27216 MLIST Mailing List Third Party Advisory
[zookeeper-notifications] 20201124 [GitHub] [zookeeper] anmolnar commented on pull request #1549: ZOOKEEPER-4017. Owasp check failing – Jetty 9.4.32 – CVE-2020-27216 MLIST Mailing List Third Party Advisory

Source: NVD – CVE-2020-24616
Published: 2020-08-25T18:15Z, Last modified: 2021-05-05T13:22Z