CVE-2020-9548
jackson-databind mishandles the interaction between serialization gadgets and typing
Description
FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
Base CVSS
9.8
EPSS Score
13.94%
Introduced Version
2.0.0-RC1
Fix Available
2.8.11.6,2.9.10.4,2.6.7.4,2.7.9.7
Available Patches
Package
CVEs Fixed
Lines of Code Changed