Description

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).

Remediation

References

CVE-2020-9547

Related Vulnerabilities

Cherokee Cryptographic Issues Vulnerability (CVE-2011-2190)

Oracle HTTP Server Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2022-0391)

MySQL CVE-2018-2646 Vulnerability (CVE-2018-2646)

WordPress Plugin MiwoFTP-File & Folder Manager Arbitrary File Disclosure (1.0.4)

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.7.94)

Severity

Critical

Classification

CVE-2020-9547 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities