CVE-2020-36183
Unsafe Deserialization in jackson-databind
Description
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
Base CVSS
8.1
EPSS Score
2.42%
Introduced Version
2.0.0-RC1
Fix Available
2.9.10.8,2.6.7.5
Available Patches
Package
CVEs Fixed
Lines of Code Changed