Description

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).

Remediation

References

CVE-2020-9548

Related Vulnerabilities

WordPress Plugin CONTUS VBLOG-Video Blogging 'save.php' Arbitrary File Upload (1.0)

WordPress Plugin Floating Tweets Multiple Vulnerabilities (1.0.1)

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.15)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.29)

Moodle Improper Authentication Vulnerability (CVE-2021-40693)

Severity

Critical

Classification

CVE-2020-9548 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities