CVE-2020-35491 in jackson-databindinfo

Summary

by MITRE • 12/18/2020

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Disclosure

12/18/2020

Moderation

accepted

Entry

VDB-166544

CPE

ready

CWE

CWE-502 (confirmed)

CVSS

6.3 (VulDB)

EPSS

0.09477

KEV

Activities

very low

Sector

Chemical, Energy, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-35491
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-35491
CVE Details	https://www.cvedetails.com/cve/CVE-2020-35491/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!