Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Block 2 more gadget types (commons-dbcp2, CVE-2020-35490/CVE-2020-35491) #2986

Closed
cowtowncoder opened this issue Dec 14, 2020 · 0 comments
Closed
Labels
CVE Issues related to public CVEs (security vuln reports)
Milestone

Comments

@cowtowncoder
Copy link
Member

cowtowncoder commented Dec 14, 2020

Another gadget type(s) reported regarding class(es) of org.apache.commons:commons-dbcp2. library.
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Reporter(s): Al1ex@knownsec
Mitre ids:
* CVE-2020-35490
* CVE-2020-35491

Fix is included in:

@cowtowncoder cowtowncoder added to-evaluate Issue that has been received but not yet evaluated CVE Issues related to public CVEs (security vuln reports) and removed to-evaluate Issue that has been received but not yet evaluated labels Dec 14, 2020
@cowtowncoder cowtowncoder changed the title Block one more gadget type (-, CVE-xxxx-xxx) Block 2 more gadget types (-, CVE-xxxx-xxx) Dec 16, 2020
cowtowncoder added a commit that referenced this issue Dec 16, 2020
@cowtowncoder cowtowncoder added this to the 2.9.10.8 milestone Dec 16, 2020
@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (-, CVE-xxxx-xxx) Block 2 more gadget types (commons-dbcp2, CVE-xxxx-xxx) Dec 16, 2020
@cowtowncoder cowtowncoder changed the title Block 2 more gadget types (commons-dbcp2, CVE-xxxx-xxx) Block 2 more gadget types (commons-dbcp2, CVE-2020-35490/CVE-2020-35491) Dec 18, 2020
cowtowncoder added a commit that referenced this issue Dec 18, 2020
This was referenced Dec 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
CVE Issues related to public CVEs (security vuln reports)
Projects
None yet
Development

No branches or pull requests

1 participant