5 matches found
Unity Linux 20.1060e / 20.1070e Security Update: mybatis (UTSA-2026-016634)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016634 advisory. MyBatis before 3.5.6 mishandles deserialization of object streams. Tenable has extracted the preceding description block directly from the Unity Linux security...
OESA-2021-1292 mybatis security update
The MyBatis data mapper framework makes it easier to use a relational database with object-oriented applications. MyBatis couples objects with stored procedures or SQL statements using a XML descriptor or annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object...
am.ik.blog:blog-mapper (>=4.0.0 <=4.6.0), app.myoss.cloud.mybatis:myoss-mybatis (>=2.0.0.RELEASE <=2.1.7.RELEASE) +8869 more potentially affected by CVE-2020-26945 via org.mybatis:mybatis (>=2.3.5 <=3.5.5)
org.mybatis:mybatis MAVEN version =2.3.5, =4.0.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =1.2.0, =20.3.0, =19.3.0, =20.3.0, =19.3.0, =19.3.0, =23.1.0, =2.23.0, =19.3.0, =19.3.0, =19.3.0, =0.1.0, =1.6.0 and more Source cves: CVE-2020-26945 Source advisory: OSV:GHSA-QQ48-M4JX-XQH8...
CVE-2020-26945
The CVE-2020-26945 entry concerns MyBatis before 3.5.6, where mishandling deserialization of object streams can enable a high-severity impact. The vulnerability affects the MyBatis data mapper/framework’s deserialization path, with CVSS v3.1 base score 8.1 (NETWORK, HIGH complexity, no privileges...
CVE-2020-26945
MyBatis before 3.5.6 mishandles deserialization of object streams...