jackson-databind vulnerable to unsafe deserialization

GHSA-rpr3-cw39-3pxh · CVE-2020-10650

Published Jul 15, 2022 · Modified Mar 13, 2026

Description

The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class ignite-jta.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-10650
WEB https://github.com/FasterXML/jackson-databind/issues/2658
WEB https://github.com/luisgarciacheckmarx/LGV_onefile/issues/19
WEB https://github.com/FasterXML/jackson-databind/pull/2864
WEB https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef
PACKAGE https://github.com/FasterXML/jackson-databind
WEB https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html
WEB https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
WEB https://security.netapp.com/advisory/ntap-20230818-0007
WEB https://www.oracle.com/security-alerts/cpujan2021.html
WEB https://www.oracle.com/security-alerts/cpuoct2022.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes