View all vulnerabilities

CVE-2020-10650

jackson-databind vulnerable to unsafe deserialization

The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
8.1
Score Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Versions
com.fasterxml.jackson.core:jackson-databind < 2.9.10.4
Severity
High
Ecosystem
Publish Date
July 15, 2022
Modified Date
April 14, 2025