CVE-2020-10673

Published: 18/03/2020 | Updated: 03/04/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

FasterXML jackson-databind 2.x prior to 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).

Affected Products

Vendor | Product | Versions
Fasterxml | Jackson-databind | 2.0.0, 2.0.1, 2.0.2, 2.0.4, 2.0.5, 2.0.6, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.1, 2.4.1.1, 2.4.1.2, 2.4.1.3, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.5.1, 2.4.6, 2.4.6.1, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.7.1, 2.6.7.2, 2.6.7.3, 2.7.0, 2.7.1, 2.7.1-1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 2.7.9, 2.7.9.1, 2.7.9.2, 2.7.9.3, 2.7.9.4, 2.7.9.5, 2.7.9.6, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.8.1, 2.8.9, 2.8.10, 2.8.11, 2.8.11.1, 2.8.11.2, 2.8.11.3, 2.8.11.4, 2.8.11.5, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.7, 2.9.8, 2.9.9, 2.9.9.1, 2.9.9.2, 2.9.9.3, 2.9.9.4, 2.9.10, 2.9.10.1, 2.9.10.2
Debian | Debian Linux | 8.0

Github Repositories

CVE-2020-10673