Lucene search
Veracode Vulnerability DatabaseVERACODE:25696HistoryJun 17, 2020 - 4:31 a.m.
Remote Code Execution
2020-06-1704:31:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
25
EPSS
0.034
Percentile
91.5%
jackson-databind is vulnerable to remote code execution. It was possible to use the org.jsecurity gadget type as a serialization gadget through polymorphic typing and execute arbitrary code on the system.
References
github.com/FasterXML/jackson-databind/issues/2765
lists.debian.org/debian-lts-announce/2020/07/msg00001.html
medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
security.netapp.com/advisory/ntap-20200702-0003/
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpujan2021.html
www.oracle.com/security-alerts/cpuoct2020.html
www.oracle.com/security-alerts/cpuoct2021.html
Related
redhatcve
redhatcve
CVE-2020-14195
2020-06-19 11:56:28
ubuntucve
ubuntucve
CVE-2020-14195
2020-06-16 00:00:00
osv
osv
CVE-2020-14195
2020-06-16 16:15:11
Deserialization of untrusted data in Jackson Databind
2020-06-18 14:44:43
jackson-databind - security update
2020-07-01 00:00:00
nvd
nvd
CVE-2020-14195
2020-06-16 16:15:11
prion
prion
Information disclosure
2020-06-16 16:15:00
debiancve
debiancve
CVE-2020-14195
2020-06-16 16:15:11
cvelist
cvelist
CVE-2020-14195
2020-06-16 15:07:11
ibm
ibm
cve
cve
CVE-2020-14195
2020-06-16 16:15:11
github
github
Deserialization of untrusted data in Jackson Databind
2020-06-18 14:44:43
debian
debian
[SECURITY] [DLA 2270-1] jackson-databind security update
2020-07-01 12:28:47
nessus
nessus
Debian DLA-2270-1 : jackson-databind security update
2020-07-02 00:00:00
FreeBSD : puppetdb -- Multiple vulnerabilities (10e3ed8a-db7f-11ea-8bdf-643150d3111d)
2020-08-11 00:00:00
RHEL 8 : opendaylight (Unpatched Vulnerability)
2024-06-03 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2270-1)
2020-07-02 00:00:00
Mageia: Security Advisory (MGASA-2021-0153)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-4813-1)
2023-01-27 00:00:00
freebsd
freebsd
puppetdb -- Multiple vulnerabilities
2020-07-23 00:00:00
redhat
redhat
(RHSA-2020:4366) Important: Satellite 6.8 release
2020-10-27 12:45:25
(RHSA-2020:3192) Important: Red Hat Fuse 7.7.0 release and security update
2020-07-28 15:50:16
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2021-03-27 17:27:02
ubuntu
ubuntu
Jackson Databind vulnerabilities
2021-03-15 00:00:00
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00