Description

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).

Remediation

References

CVE-2020-10673

Related Vulnerabilities

Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10321)

Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-5394)

Jboss EAP Improper Authentication Vulnerability (CVE-2011-4085)

WordPress Plugin Responsive Logo Slideshow Cross-Site Scripting (1.0)

Severity

High

Classification

CVE-2020-10673 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities