|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-12-20 | |
| Rule Name: | FasterXML Jackson-databind Remote Code Execution Vulnerability (CVE-2020-11113) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://github.com/FasterXML/jackson-databind/issues/2670 https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://security.netapp.com/advisory/ntap-20200403-0002/ |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: https://github.com/FasterXML/jackson-databind/issues/2670 |