Lucene search
RedHatRHSA-2020:4401HistoryOct 28, 2020 - 9:00 p.m.
(RHSA-2020:4401) Important: Red Hat JBoss Enterprise Application Platform 7.3 security update
2020-10-2821:00:43
access.redhat.com
49
0.004 Low
EPSS
Percentile
72.5%
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8.
Security Fix(es):
- jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | noarch | eap7-jackson-databind | <ย 2.10.4-1.redhat_00002.1.el8eap | eap7-jackson-databind-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm |
| RedHat | 7 | noarch | eap7-jackson-databind | <ย 2.10.4-1.redhat_00002.1.el7eap | eap7-jackson-databind-2.10.4-1.redhat_00002.1.el7eap.noarch.rpm |
| RedHat | 6 | noarch | eap7-jackson-databind | <ย 2.10.4-1.redhat_00002.1.el6eap | eap7-jackson-databind-2.10.4-1.redhat_00002.1.el6eap.noarch.rpm |
Related
debian
debian
[SECURITY] [DLA 2406-1] jackson-databind security update
2020-10-14 10:31:09
[SECURITY] [DLA 2638-1] jackson-databind security update
2021-04-24 20:50:12
atlassian
atlassian
ubuntucve
ubuntucve
CVE-2020-25649
2020-12-03 00:00:00
osv
osv
CVE-2020-25649
2020-12-03 17:15:12
jackson-databind - security update
2020-10-14 00:00:00
XML External Entity (XXE) Injection in Jackson Databind
2021-02-18 20:51:54
ibm
ibm
veracode
veracode
XML External Entity (XXE)
2020-10-15 05:10:32
nessus
nessus
RHEL 7 : rh-maven35-jackson-databind (RHSA-2020:4312)
2023-01-23 00:00:00
debiancve
debiancve
CVE-2020-25649
2020-12-03 17:15:12
cvelist
cvelist
CVE-2020-25649
2020-12-03 16:16:50
redhat
redhat
openvas
openvas
Fedora: Security Advisory for jackson-databind (FEDORA-2021-1d8254899c)
2021-02-10 00:00:00
Debian: Security Advisory (DLA-2406-1)
2020-10-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1678-1)
2022-05-17 00:00:00
cve
cve
CVE-2020-25649
2020-12-03 17:15:12
cgr
cgr
CVE-2020-25649 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2020-25649 vulnerabilities
2024-05-29 03:07:31
nvd
nvd
CVE-2020-25649
2020-12-03 17:15:12
github
github
XML External Entity (XXE) Injection in Jackson Databind
2021-02-18 20:51:54
fedora
fedora
[SECURITY] Fedora 32 Update: jackson-databind-2.10.5.1-1.fc32
2021-02-10 01:30:26
prion
prion
Xxe
2020-12-03 17:15:00
redhatcve
redhatcve
CVE-2020-25649
2020-10-13 20:16:54
suse
suse
threatpost
threatpost
IBM Squashes Critical Remote Code-Execution Flaw
2021-02-23 19:36:32
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2021-03-27 17:27:02
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00