CVSS3: 8.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 8.3 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | COMPLETE |

AV:N/AC:M/Au:N/C:P/I:P/A:C

EPSS: 0.004 Low (Percentile: 74.4%)

A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CPE

Name | Operator | Version |
---|---|---|
com.fasterxml.jackson.core:jackson-databind | lt | 2.6.7.5 |
com.fasterxml.jackson.core:jackson-databind | lt | 2.9.10.7 |

bugzilla.redhat.com/show_bug.cgi?id=1916633
github.com/advisories/GHSA-5949-rw7g-wx7w
github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a
github.com/FasterXML/jackson-databind/issues/2854
lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E
lists.debian.org/debian-lts-announce/2021/04/msg00025.html
nvd.nist.gov/vuln/detail/CVE-2021-20190
security.netapp.com/advisory/ntap-20210219-0008
www.oracle.com//security-alerts/cpujul2021.html