Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

CVE-2020-10969 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.8.9 #88

Open
margaritalm opened this issue Dec 25, 2022 · 0 comments
Open

CVE-2020-10969 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.8.9 #88

margaritalm opened this issue Dec 25, 2022 · 0 comments
Labels
branch:master Checkmarx project:margaritalm/BookStore_Small_CLI_small SCA

Comments

@margaritalm
Copy link
Owner

margaritalm commented Dec 25, 2022
edited
Loading

Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2020-10969
Checkmarx Project: margaritalm/BookStore_Small_CLI_small
Repository URL: https://github.com/margaritalm/BookStore_Small_CLI_small
Branch: master
Scan ID: 79dde67e-447e-480d-9f9e-f0bfb2e3e6f8

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: HIGH
Availability impact: HIGH
Remediation Upgrade Recommendation: 2.8.11.3-redhat-00001
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
branch:master Checkmarx project:margaritalm/BookStore_Small_CLI_small SCA
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@margaritalm