Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2020-24750

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

CVSS v3:

  • Severity: High
  • Score: 8.1
  • AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
oracle / application_testing_suite 13.3.0.1 13.3.0.1.x
oracle / agile_plm 9.3.6 9.3.6.x
oracle / communications_policy_management 12.5.0 12.5.0.x
oracle / communications_diameter_signaling_router 8.0.0 8.2.2.x
oracle / communications_offline_mediation_controller 12.0.0.3.0 12.0.0.3.0.x
oracle / communications_services_gatekeeper 7.0 7.0.x
oracle / communications_contacts_server 8.0.0.5.0 8.0.0.5.0.x
oracle / communications_calendar_server 8.0.0.4.0 8.0.0.4.0.x
oracle / banking_credit_facilities_process_management 14.3.0 14.3.0.x
oracle / banking_corporate_lending_process_management 14.3.0 14.3.0.x
oracle / siebel_core_-_server_framework - 21.5.x
oracle / communications_unified_inventory_management 7.4.1 7.4.1.x
oracle / communications_element_manager 8.2.0 8.2.4.0.x
oracle / autovue_for_agile_product_lifecycle_management 21.0.2 21.0.2.x
oracle / banking_supply_chain_finance 14.2.0 14.2.0.x
oracle / banking_credit_facilities_process_management 14.2.0 14.2.0.x
oracle / banking_credit_facilities_process_management 14.5.0 14.5.0.x
oracle / banking_corporate_lending_process_management 14.2.0 14.2.0.x
oracle / banking_corporate_lending_process_management 14.5.0 14.5.0.x
oracle / banking_supply_chain_finance 14.5.0 14.5.0.x
oracle / banking_supply_chain_finance 14.3.0 14.3.0.x
oracle / communications_messaging_server 8.1 8.1.x
oracle / siebel_ui_framework - 21.2.x
oracle / identity_manager_connector 11.1.1.5.0 11.1.1.5.0.x
oracle / communications_contacts_server 8.0 8.0.x
oracle / communications_calendar_server 8.0 8.0.x
oracle / banking_liquidity_management 14.3 14.3.x
oracle / banking_liquidity_management 14.5 14.5.x
oracle / banking_liquidity_management 14.2 14.2.x
oracle / communications_session_route_manager 8.2.0 8.2.2.1.x
oracle / communications_session_report_manager 8.0.0.0 8.2.2.1.x
oracle / communications_pricing_design_center 12.0.0.4.0 12.0.0.4.0.x
oracle / communications_instant_messaging_server 10.0.1.5.0 10.0.1.5.0.x
oracle / blockchain_platform - 21.1.2
debian / debian_linux 9.0 9.0.x
com.fasterxml.jackson.core / jackson-databind 2.0 2.6.7.5
com.fasterxml.jackson.core / jackson-databind 2.7.0 2.9.10.6
fasterxml / jackson-databind 2.0.0 2.6.7.5
fasterxml / jackson-databind 2.7.0 2.9.10.6