8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.005 Low
EPSS
Percentile
75.8%
The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class ignite-jta
.
CPE | Name | Operator | Version |
---|---|---|---|
com.fasterxml.jackson.core:jackson-databind | le | 2.9.10.3 |
github.com/advisories/GHSA-rpr3-cw39-3pxh
github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef
github.com/FasterXML/jackson-databind/issues/2658
github.com/FasterXML/jackson-databind/pull/2864
github.com/luisgarciacheckmarx/LGV_onefile/issues/19
lists.debian.org/debian-lts-announce/2023/04/msg00032.html
medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
nvd.nist.gov/vuln/detail/CVE-2020-10650
security.netapp.com/advisory/ntap-20230818-0007/
www.oracle.com/security-alerts/cpujan2021.html
www.oracle.com/security-alerts/cpuoct2022.html