Debian 8: DLA-2179-1 critical: jackson-databind DoS Risk
debian lts
April 18, 2020
Following CVEs were reported against the jackson-databind source package :
Topics Covered
Summary
Following CVEs were reported against the jackson-databind source package
:
CVE-2020-10968
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.aoju.bus.proxy.provider.remoting.RmiProvider
(aka bus-proxy).
CVE-2020-10969
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to javax.swing.JEditorPane.
CVE-2020-11111
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.activemq.* (aka activemq-jms, activemq-core,
activemq-pool, and activemq-pool-jms).
CVE-2020-11112
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.commons.proxy.provider.remoting.RmiProvider
(aka apache/commons-proxy).
CVE-2020-11113
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Package: jackson-databind
Version: 2.4.2-2+deb8u14
CVE ID: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!