Lucene search

CVE-2020-36179

🗓️ 07 Jan 2021 00:14:15Reported by [email protected]Type

FasterXML jackson-databind 2.x before 2.9.10.8 serialization mishandl

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 57
Cvelist	CVE-2020-36179	6 Jan 202122:30	–	cvelist
Github Security Blog	Unsafe Deserialization in jackson-databind	9 Dec 202119:15	–	github
OSV	CVE-2020-36179	7 Jan 202100:15	–	osv
OSV	GHSA-9GPH-22XH-8X98 Unsafe Deserialization in jackson-databind	9 Dec 202119:15	–	osv
OSV	DLA-2638-1 jackson-databind - security update	25 Apr 202100:00	–	osv
Atlassian	Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server	9 Apr 202401:52	–	atlassian
Check Point Advisories	FasterXML jackson-databind Insecure Deserialization (CVE-2020-36179)	17 Jan 202100:00	–	checkpoint_advisories
Vulnrichment	CVE-2020-36179	6 Jan 202122:30	–	vulnrichment
CVE	CVE-2020-36179	7 Jan 202100:15	–	cve
Debian CVE	CVE-2020-36179	7 Jan 202100:15	–	debiancve

Nvd

Node

netapp cloud_backupMatch-

netapp service_level_managerMatch-

Node

debian debian_linuxMatch9.0

Node

oracle agile_plmMatch9.3.6

oracle application_testing_suiteMatch13.3.0.1

oracle autovue_for_agile_product_lifecycle_managementMatch21.0.2

oracle banking_corporate_lending_process_managementMatch14.2

oracle banking_corporate_lending_process_managementMatch14.3

oracle banking_corporate_lending_process_managementMatch14.5

oracle banking_credit_facilities_process_managementMatch14.2

oracle banking_credit_facilities_process_managementMatch14.3

oracle banking_credit_facilities_process_managementMatch14.5

oracle banking_supply_chain_financeMatch14.2

oracle banking_supply_chain_financeMatch14.3

oracle banking_supply_chain_financeMatch14.5

oracle banking_treasury_managementMatch14.4

oracle banking_virtual_account_managementMatch14.2.0

oracle banking_virtual_account_managementMatch14.3.0

oracle banking_virtual_account_managementMatch14.5.0

oracle blockchain_platformRange≤21.1.2

oracle commerce_platformRange11.3.0–11.3.2

oracle commerce_platformMatch11.2.0

oracle communications_billing_and_revenue_managementMatch7.5.0.23.0

oracle communications_billing_and_revenue_managementMatch12.0.0.3.0

oracle communications_cloud_native_core_policyMatch1.14.0

oracle communications_cloud_native_core_unified_data_repositoryMatch1.4.0

oracle communications_convergent_charging_controllerMatch12.0.4.0.0

oracle communications_diameter_signaling_routeRange8.0.0.0–8.5.0.0

oracle communications_element_managerRange8.2.0.0–8.2.4.0

oracle communications_evolved_communications_application_serverMatch7.1

oracle communications_instant_messaging_serverMatch10.0.1.5.0

oracle communications_network_charging_and_controlMatch12.0.4.0.0

oracle communications_offline_mediation_controllerMatch12.0.0.3

oracle communications_policy_managementMatch12.5.0

oracle communications_pricing_design_centerMatch12.0.0.4.0

oracle communications_services_gatekeeperMatch7.0

oracle communications_session_report_managerRange8.0.0.0–8.2.2.1

oracle communications_session_route_managerRange8.2.0–8.2.2.1

oracle communications_unified_inventory_managementMatch7.4.1

oracle data_integratorMatch12.2.1.4.0

oracle goldengate_application_adaptersMatch19.1.0.0.0

oracle insurance_policy_administrationRange11.1.0–11.3.0

oracle insurance_policy_administrationMatch11.0.2

oracle insurance_rules_paletteRange11.1.0–11.3.0

oracle insurance_rules_paletteMatch11.0.2

oracle jd_edwards_enterpriseone_orchestratorRange<9.2.5.3

oracle jd_edwards_enterpriseone_toolsRange<9.2.5.3

oracle primavera_gatewayRange17.12.0–17.12.11

oracle primavera_gatewayRange18.8.0–18.8.11

oracle primavera_gatewayRange19.12.0–19.12.10

oracle primavera_gatewayMatch20.12.0

oracle primavera_unifierRange17.7–17.12

oracle primavera_unifierMatch18.8

oracle primavera_unifierMatch19.12

oracle primavera_unifierMatch20.12

oracle retail_customer_management_and_segmentation_foundationRange16.0–19.0

oracle retail_merchandising_systemMatch15.0.3

oracle retail_service_backboneMatch14.1.3.2

oracle retail_service_backboneMatch15.0.3.1

oracle retail_service_backboneMatch16.0.3.0

oracle retail_xstore_point_of_serviceMatch16.0.6

oracle retail_xstore_point_of_serviceMatch17.0.4

oracle retail_xstore_point_of_serviceMatch18.0.3

oracle retail_xstore_point_of_serviceMatch19.0.2

oracle webcenter_portalMatch12.2.1.3.0

oracle webcenter_portalMatch12.2.1.4.0

Node

fasterxml jackson-databindRange2.0.0–2.6.7.5

fasterxml jackson-databindRange2.7.0–2.9.10.8

Source	Link
oracle	www.oracle.com/security-alerts/cpuApr2021.html
lists	www.lists.debian.org/debian-lts-announce/2021/04/msg00025.html
oracle	www.oracle.com/security-alerts/cpuapr2022.html
oracle	www.oracle.com//security-alerts/cpujul2021.html
cowtowncoder	www.cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
github	www.github.com/FasterXML/jackson-databind/issues/3004
oracle	www.oracle.com/security-alerts/cpuoct2021.html
security	www.security.netapp.com/advisory/ntap-20210205-0005/
oracle	www.oracle.com/security-alerts/cpujan2022.html
oracle	www.oracle.com/security-alerts/cpujul2022.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Jan 2021 00:15Current

8.7High risk

Vulners AI Score8.7

CVSS26.8

CVSS38.1

EPSS0.61296

CWE-502

fasterxml jackson-databind serialization mishandle interaction runtime-gadget oadd apache-commons dbcp cpdsadapter driveradaptercpds vulnerability cve-2020-36179