CVE-2020-36183 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.8.9 #83

margaritalm · 2022-12-25T11:20:36Z

Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2020-36183
Checkmarx Project: margaritalm/BookStore_Small_CLI_small
Repository URL: https://github.com/margaritalm/BookStore_Small_CLI_small
Branch: master
Scan ID: 79dde67e-447e-480d-9f9e-f0bfb2e3e6f8

FasterXML jackson-databind prior to 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

Additional Info
Attack vector: NETWORK
Attack complexity: HIGH
Confidentiality impact: HIGH
Availability impact: HIGH
Remediation Upgrade Recommendation: 2.8.11.3-redhat-00001

margaritalm closed this as completed Sep 27, 2023

margaritalm reopened this Sep 27, 2023

margaritalm added project:margaritalm/BookStore_Small_CLI_small SCA and removed CxSCA labels Sep 27, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2020-36183 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.8.9 #83

CVE-2020-36183 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.8.9 #83

margaritalm commented Dec 25, 2022 •

edited

CVE-2020-36183 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.8.9 #83

CVE-2020-36183 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.8.9 #83

Comments

margaritalm commented Dec 25, 2022 • edited

margaritalm commented Dec 25, 2022 •

edited