Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2020-11620

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

CVSS v3:

  • Severity: High
  • Score: 8.1
  • AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
fasterxml / jackson-databind 2.9.0 2.9.10.4
debian / debian_linux 8.0 8.0.x
netapp / active_iq_unified_manager 7.3 7.3.x
netapp / active_iq_unified_manager 9.5 9.5.x
oracle / retail_xstore_point_of_service 15.0 15.0.x
oracle / primavera_unifier 16.2 16.2.x
oracle / primavera_unifier 16.1 16.1.x
oracle / weblogic_server 12.2.1.3.0 12.2.1.3.0.x
oracle / retail_xstore_point_of_service 16.0 16.0.x
oracle / primavera_unifier 18.8 18.8.x
oracle / primavera_unifier 17.7 17.12.x
oracle / retail_merchandising_system 15.0 15.0.x
oracle / weblogic_server 12.2.1.4.0 12.2.1.4.0.x
oracle / enterprise_manager_base_platform 13.3.0.0 13.3.0.0.x
oracle / primavera_unifier 19.12 19.12.x
oracle / enterprise_manager_base_platform 13.4.0.0 13.4.0.0.x
oracle / communications_instant_messaging_server 10.0.1.4.0 10.0.1.4.0.x
oracle / retail_xstore_point_of_service 17.0 17.0.x
oracle / retail_xstore_point_of_service 18.0 18.0.x
oracle / retail_xstore_point_of_service 19.0 19.0.x
oracle / retail_sales_audit 14.1 14.1.x
oracle / communications_evolved_communications_application_server 7.1 7.1.x
oracle / communications_network_charging_and_control 6.0.1 6.0.1.x
oracle / jd_edwards_enterpriseone_tools - 9.2.4.2
oracle / jd_edwards_enterpriseone_orchestrator - 9.2.4.2
oracle / communications_network_charging_and_control 12.0.0 12.0.3.x
oracle / banking_platform 2.4.0 2.9.0.x
oracle / communications_contacts_server 8.0.0.4.0 8.0.0.4.0.x
oracle / global_lifecycle_management_opatch - 12.2.0.1.20
com.fasterxml.jackson.core / jackson-databind 2.9.0 2.9.10.4