Lucene search

CVE-2020-36184

🗓️ 06 Jan 2021 23:13:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 241 Views🌐 WEB

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles serialization gadgets and typing

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 56
Veracode	Arbitrary Code Execution	8 Jan 202106:11	–	veracode
Cvelist	CVE-2020-36184	6 Jan 202122:30	–	cvelist
Github Security Blog	Unsafe Deserialization in jackson-databind	9 Dec 202119:16	–	github
RedhatCVE	CVE-2020-36184	7 Jan 202120:14	–	redhatcve
Atlassian	Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server	9 Apr 202401:53	–	atlassian
Debian CVE	CVE-2020-36184	6 Jan 202123:15	–	debiancve
Prion	Design/Logic Flaw	6 Jan 202123:15	–	prion
UbuntuCve	CVE-2020-36184	6 Jan 202100:00	–	ubuntucve
OSV	Unsafe Deserialization in jackson-databind	9 Dec 202119:16	–	osv
OSV	CVE-2020-36184	6 Jan 202123:15	–	osv

Nvd

Node

netapp cloud_backupMatch-

netapp service_level_managerMatch-

Node

debian debian_linuxMatch9.0

Node

oracle agile_plmMatch9.3.6

oracle application_testing_suiteMatch13.3.0.1

oracle autovue_for_agile_product_lifecycle_managementMatch21.0.2

oracle banking_corporate_lending_process_managementMatch14.2

oracle banking_corporate_lending_process_managementMatch14.3

oracle banking_corporate_lending_process_managementMatch14.5

oracle banking_credit_facilities_process_managementMatch14.2

oracle banking_credit_facilities_process_managementMatch14.3

oracle banking_credit_facilities_process_managementMatch14.5

oracle banking_extensibility_workbenchMatch14.2

oracle banking_extensibility_workbenchMatch14.3

oracle banking_extensibility_workbenchMatch14.5

oracle banking_supply_chain_financeMatch14.2

oracle banking_supply_chain_financeMatch14.3

oracle banking_supply_chain_financeMatch14.5

oracle banking_treasury_managementMatch4.4

oracle banking_virtual_account_managementMatch14.2.0

oracle banking_virtual_account_managementMatch14.3.0

oracle banking_virtual_account_managementMatch14.5.0

oracle blockchain_platformRange≤21.1.2

oracle commerce_platformRange11.3.0–11.3.2

oracle commerce_platformMatch11.2.0

oracle communications_billing_and_revenue_managementMatch7.5.0.23.0

oracle communications_billing_and_revenue_managementMatch12.0.0.3.0

oracle communications_cloud_native_core_policyMatch1.14.0

oracle communications_cloud_native_core_unified_data_repositoryMatch1.4.0

oracle communications_convergent_charging_controllerMatch12.0.4.0.0

oracle communications_diameter_signaling_routeRange8.0.0.0–8.5.0.0

oracle communications_element_managerRange8.2.0.0–8.2.4.0

oracle communications_evolved_communications_application_serverMatch7.1

oracle communications_instant_messaging_serverMatch10.0.1.5.0

oracle communications_network_charging_and_controlMatch12.0.4.0.0

oracle communications_offline_mediation_controllerMatch12.0.0.3

oracle communications_policy_managementMatch12.5.0

oracle communications_pricing_design_centerMatch12.0.0.4.0

oracle communications_services_gatekeeperMatch7.0

oracle communications_session_report_managerRange8.0.0.0–8.2.2.1

oracle communications_session_route_managerRange8.2.0.0–8.2.2.1

oracle communications_unified_inventory_managementMatch7.4.1

oracle data_integratorMatch12.2.1.4.0

oracle documakerMatch12.6.0

oracle documakerMatch12.6.3

oracle documakerMatch12.6.4

oracle goldengate_application_adaptersMatch19.1.0.0.0

oracle insurance_policy_administrationRange11.1.0–11.3.0

oracle insurance_policy_administrationMatch11.0.2

oracle insurance_rules_paletteRange11.1.0–11.3.0

oracle insurance_rules_paletteMatch11.0.2

oracle jd_edwards_enterpriseone_orchestratorRange<9.2.5.3

oracle jd_edwards_enterpriseone_toolsRange<9.2.5.3

oracle primavera_gatewayRange17.12.0–17.12.11

oracle primavera_gatewayRange18.8.0–18.8.11

oracle primavera_gatewayRange19.12.0–19.12.10

oracle primavera_gatewayMatch20.12.0

oracle primavera_unifierRange17.7–17.12

oracle primavera_unifierMatch17.2

oracle primavera_unifierMatch18.8

oracle primavera_unifierMatch19.12

oracle primavera_unifierMatch20.12

oracle retail_customer_management_and_segmentation_foundationRange16.0–19.0

oracle retail_merchandising_systemMatch15.0.3

oracle retail_service_backboneMatch14.1.3.2

oracle retail_service_backboneMatch15.0.3.1

oracle retail_service_backboneMatch16.0.3.0

oracle retail_xstore_point_of_serviceMatch16.0.6

oracle retail_xstore_point_of_serviceMatch17.0.4

oracle retail_xstore_point_of_serviceMatch18.0.3

oracle retail_xstore_point_of_serviceMatch19.0.2

oracle webcenter_portalMatch12.2.1.3.0

oracle webcenter_portalMatch12.2.1.4.0

Node

fasterxml jackson-databindRange2.0.0–2.6.7.5

fasterxml jackson-databindRange2.7.0–2.9.10.8

Source	Link
oracle	www.oracle.com/security-alerts/cpuapr2022.html
oracle	www.oracle.com/security-alerts/cpujul2022.html
oracle	www.oracle.com/security-alerts/cpuoct2021.html
oracle	www.oracle.com/security-alerts/cpuApr2021.html
github	www.github.com/FasterXML/jackson-databind/issues/2998
cowtowncoder	www.cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
oracle	www.oracle.com/security-alerts/cpujan2022.html
security	www.security.netapp.com/advisory/ntap-20210205-0005/
lists	www.lists.debian.org/debian-lts-announce/2021/04/msg00025.html
oracle	www.oracle.com//security-alerts/cpujul2021.html

Parameter	Position	Path	Description	CWE
dataSourceName	query param	/Exploit	Vulnerability in Jackson-databind allows for RCE through crafted input targeting PerUserPoolDataSource.	CWE-502

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Jan 2021 23:15Current

7.7High risk

Vulners AI Score7.7

CVSS26.8

CVSS38.1

EPSS0.05061

SSVC

CWE-502