CVE-2021-20190
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing
Severity Score: -
Exploit Likelihood: -
Affected Versions: see the table below
Public Exploits: 0
Exploited in Wild: -
Decision: -
Descriptions
A flaw was found in jackson-databind before 2.9.10.7 (and before 2.6.7.5 on the 2.6.x branch; see the affected versions below). FasterXML mishandles the interaction between serialization gadgets and typing: when polymorphic (default) typing is enabled, the class to instantiate is taken from a type id in the JSON input, so an attacker who controls that input can name any class reachable on the classpath, and a class whose constructor or setters have side effects (a "gadget") turns that into code execution or resource abuse. The gadget involved in this CVE lives in javax.swing, and the fix adds it to jackson-databind's block list of known gadget types, which is why each newly found gadget gets its own CVE. Applications that never enable default typing and do not deserialize attacker-controlled data into types annotated with class-name-based @JsonTypeInfo are not exposed. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
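The configuration this class of advisory keeps hitting, next to the allow-list form that removes the problem, as an added example (not code from FasterXML, Red Hat or this advisory). The Envelope, Circle and Unrelated classes and both JSON documents are hypothetical and constructed here; the file is assumed to be compiled in the default package (the type ids in the JSON use that name) with jackson-databind 2.10 or newer on the classpath, because activateDefaultTyping and BasicPolymorphicTypeValidator were introduced in 2.10. No real gadget is used: Unrelated merely stands in for any class the application author never meant to be a payload.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class JacksonTypingDemo {

    // Hypothetical application types (not part of jackson-databind).
    public static class Envelope { public Object payload; }
    public abstract static class Shape { }
    public static class Circle extends Shape { public double radius; }
    // Never intended as a payload; stands in for a gadget class on the classpath.
    public static class Unrelated { public String note; }

    // Vulnerable configuration: every Object-typed or non-final property becomes a
    // slot in which the JSON names the class to instantiate. Only a block list of
    // known gadget class names (SubTypeValidator in 2.9.x) stands between the input
    // and the classpath; each CVE of this family adds one more name to that list.
    public static ObjectMapper vulnerableMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL); // deprecated since 2.10
        return mapper;
    }

    // Hardened configuration: default typing stays on, but a PolymorphicTypeValidator
    // allow-lists the classes a type id may resolve to. Anything not on the list is
    // rejected with InvalidTypeIdException. In a real code base the usual form is a
    // package prefix such as allowIfSubType("com.example.model.").
    public static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(Circle.class)
                .build();
        ObjectMapper mapper = new ObjectMapper();
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    // Constructed input. With default typing the type id travels as a wrapper array
    // ["fully.qualified.ClassName", value]; here the client picks the class name.
    static final String CLIENT_CHOSEN_CLASS =
            "{\"payload\":[\"JacksonTypingDemo$Unrelated\",{\"note\":\"picked by the client\"}]}";
    static final String EXPECTED_SHAPE =
            "{\"payload\":[\"JacksonTypingDemo$Circle\",{\"radius\":2.0}]}";

    public static void main(String[] args) throws Exception {
        // The vulnerable mapper instantiates whatever class the input names.
        Envelope e1 = vulnerableMapper().readValue(CLIENT_CHOSEN_CLASS, Envelope.class);
        System.out.println("vulnerable mapper instantiated: " + e1.payload.getClass().getName());

        // The hardened mapper still handles the allow-listed subtype ...
        Envelope e2 = hardenedMapper().readValue(EXPECTED_SHAPE, Envelope.class);
        System.out.println("hardened mapper accepted: " + e2.payload.getClass().getName());

        // ... and refuses a type id that is not on the allow list.
        try {
            hardenedMapper().readValue(CLIENT_CHOSEN_CLASS, Envelope.class);
            System.out.println("hardened mapper accepted an unlisted class (unexpected)");
        } catch (InvalidTypeIdException ex) {
            System.out.println("hardened mapper rejected type id: " + ex.getTypeId());
        }
    }
}
```

On a 2.9.x line the allow-list API does not exist, so the only fixes are upgrading to 2.9.10.7 (which still relies on the block list) or, better, not enabling default typing at all and using @JsonTypeInfo(use = JsonTypeInfo.Id.NAME) with an explicit @JsonSubTypes list for the properties that genuinely need polymorphism.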
CVSS Scores: -
SSVC Decision: -
Timeline
- 2020-12-17 CVE Reserved
- 2021-01-19 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-03 CVE Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC: -
References (7)
URL | Tag | Date |
---|---|---|
https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E | Mailing List | - |
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html | Mailing List | - |
https://security.netapp.com/advisory/ntap-20210219-0008 | Third Party Advisory | - |
https://www.oracle.com//security-alerts/cpujul2021.html | Third Party Advisory | - |
https://bugzilla.redhat.com/show_bug.cgi?id=1916633 | - | 2021-05-06 |
https://github.com/FasterXML/jackson-databind/issues/2854 | - | 2023-11-07 |
https://access.redhat.com/security/cve/CVE-2021-20190 | - | 2021-05-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fasterxml | Jackson-databind | < 2.6.7.5 | - | Affected |
Fasterxml | Jackson-databind | >= 2.7.0 < 2.9.10.7 | - | Affected |
Netapp | Active Iq Unified Manager | - | linux | Affected |
Netapp | Active Iq Unified Manager | - | windows | Affected |
Netapp | Oncommand Api Services | - | - | Affected |
Netapp | Oncommand Insight | - | - | Affected |
Netapp | Service Level Manager | - | - | Affected |
Apache | Nifi | >= 1.7.0 <= 1.12.1 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |
Oracle | Commerce Guided Search And Experience Manager | 11.3.2 | - | Affected |
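A check against the two jackson-databind ranges in the table above (< 2.6.7.5, and >= 2.7.0 < 2.9.10.7), as an added example that is not part of this advisory or of the FasterXML project. It uses only the JDK; the version string is assumed to be that of the com.fasterxml.jackson.core:jackson-databind artifact, taken for example from the Version column of `mvn dependency:list` output or from the jar file name. Versions the table does not list, such as 2.10.x, are reported as not in the affected ranges for this CVE, which says nothing about other jackson-databind advisories. The sample versions in main are constructed.

```java
public final class Cve202120190Check {

    // Boundaries from this page's affected-versions table, as four numeric components.
    private static final int[] FIRST_SAFE_2_6 = {2, 6, 7, 5};   // affected: < 2.6.7.5
    private static final int[] FIRST_2_7      = {2, 7, 0, 0};   // affected: >= 2.7.0 ...
    private static final int[] FIRST_SAFE_2_9 = {2, 9, 10, 7};  //           ... and < 2.9.10.7

    // Parse "2.9.10.7", "2.9.10", "2.9.0.pr1" or "2.9.10-SNAPSHOT" into four numeric
    // components. Everything from the first character that is neither a digit nor a
    // dot is ignored, and missing components count as 0, so "2.9.10" sorts below
    // "2.9.10.1" (the micro-patch releases that carry these fixes).
    static int[] parse(String version) {
        String numeric = version.trim().replaceAll("[^0-9.].*$", "");
        String[] parts = numeric.split("\\.");
        int[] out = new int[4];
        for (int i = 0; i < parts.length && i < 4; i++) {
            if (!parts[i].isEmpty()) {
                out[i] = Integer.parseInt(parts[i]);
            }
        }
        return out;
    }

    // Lexicographic comparison of the four components.
    static int compare(int[] a, int[] b) {
        for (int i = 0; i < 4; i++) {
            if (a[i] != b[i]) {
                return Integer.compare(a[i], b[i]);
            }
        }
        return 0;
    }

    // True when the version falls in either affected range from the table.
    public static boolean isAffected(String version) {
        int[] v = parse(version);
        if (compare(v, FIRST_SAFE_2_6) < 0) {
            return true;
        }
        return compare(v, FIRST_2_7) >= 0 && compare(v, FIRST_SAFE_2_9) < 0;
    }

    public static void main(String[] args) {
        // Constructed sample versions; pass real ones on the command line instead.
        String[] samples = args.length > 0 ? args
                : new String[] {"2.6.7.4", "2.6.7.5", "2.9.10.6", "2.9.10.7", "2.9.10", "2.12.1"};
        for (String s : samples) {
            System.out.printf("%-10s %s%n", s,
                    isAffected(s) ? "AFFECTED by CVE-2021-20190" : "not in the affected ranges");
        }
    }
}
```

Note that being outside the affected ranges only means the javax.swing gadget from this CVE is blocked; a service that enables default typing on attacker-reachable input remains one undiscovered gadget away from the same outcome, so the version check belongs next to a configuration review, not in place of one.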