FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-03-02 04:15
Updated : 2024-02-28 17:28
NVD link : CVE-2020-9548
Mitre link : CVE-2020-9548
CVE.ORG link : CVE-2020-9548
JSON object : View
Products Affected
oracle
- communications_session_report_manager
- communications_evolved_communications_application_server
- banking_digital_experience
- communications_instant_messaging_server
- communications_element_manager
- enterprise_manager_base_platform
- retail_xstore_point_of_service
- retail_merchandising_system
- retail_sales_audit
- communications_session_route_manager
- communications_contacts_server
- communications_network_charging_and_control
- jd_edwards_enterpriseone_tools
- agile_plm
- communications_calendar_server
- banking_platform
- primavera_unifier
- jd_edwards_enterpriseone_orchestrator
- autovue_for_agile_product_lifecycle_management
- weblogic_server
- global_lifecycle_management_opatch
- communications_diameter_signaling_router
netapp
- active_iq_unified_manager
debian
- debian_linux
fasterxml
- jackson-databind
CWE
CWE-502
Deserialization of Untrusted Data