All vulnerabilities
CVE-2020-8840
Deserialization of Untrusted Data in jackson-databind
Description
FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Fix without upgrading
Score
Severity
Ecosystem
Java
Publish Date
March 4, 2020
Modified Date
March 16, 2024
Score Vector
Affected Versions
