CVE-2021-20190

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:oracle:commerce_guided_search_and_experience_manager:11.3.2:*:*:*:*:*:*:*

History

07 Nov 2023, 03:28

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E', 'name': '[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E -

Information

Published : 2021-01-19 17:15

Updated : 2024-02-28 18:08


NVD link : CVE-2021-20190

Mitre link : CVE-2021-20190

CVE.ORG link : CVE-2021-20190


JSON object : View

Products Affected

netapp

  • oncommand_insight
  • service_level_manager
  • active_iq_unified_manager
  • oncommand_api_services

fasterxml

  • jackson-databind

oracle

  • commerce_guided_search_and_experience_manager

apache

  • nifi

debian

  • debian_linux
CWE
CWE-502

Deserialization of Untrusted Data