CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2021/01/06 10:29 p.m.•277 views

CVE-2020-36186

CVE-2020-36186 affects FasterXML jackson-databind 2.x up to before 2.9.10.8, where serialization gadgets and typing handling interact incorrectly in the presence of PerUserPoolDataSource (org.apache.tomcat.dbcp.dbcp.datasources). This deserialization-related flaw can impact confidentiality, integ...

8.1CVSS7.7AI score0.02413EPSS

Cvelist•added 2021/01/06 10:29 p.m.•22 views

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource...

8.7AI score0.02413EPSS

Debian CVE•added 2021/01/06 10:29 p.m.•31 views

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource...

8.1CVSS8.1AI score0.02413EPSS

Debian CVE•added 2021/01/06 10:29 p.m.•24 views

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

8.1CVSS8.1AI score0.02147EPSS

CVE•added 2021/01/06 10:29 p.m.•269 views

CVE-2020-36187

CVE-2020-36187 affects FasterXML jackson-databind 2.x before 2.9.10.8. The root cause is a mishandling of the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. The connected Astra Linux bulletin mirrors this description....

8.1CVSS7.7AI score0.02147EPSS

Cvelist•added 2021/01/06 10:29 p.m.•25 views

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

8.7AI score0.02147EPSS

Cvelist•added 2021/01/06 10:29 p.m.•31 views

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource...

8.7AI score0.0944EPSS

CVE•added 2021/01/06 10:29 p.m.•278 views

CVE-2020-36188

The CVE-2020-36188 issue affects FasterXML jackson-databind 2.x prior to 2.9.10.8, caused by mis-handling serialization gadgets in combination with typing (notably involving com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource). The vulnerability is described across multiple source...

8.1CVSS7.7AI score0.0944EPSS

Debian CVE•added 2021/01/06 10:29 p.m.•33 views

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource...

8.1CVSS8.7AI score0.0944EPSS

Cvelist•added 2021/01/06 10:29 p.m.•21 views

CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource...

8.7AI score0.03941EPSS

CVE•added 2021/01/06 10:29 p.m.•285 views

CVE-2020-36189

CVE-2020-36189 affects FasterXML jackson-databind 2.x before 2.9.10.8. The issue is a deserialization/serialization typing interaction with gadgets (e.g., logback, MySQL/commons proxies) that can lead to arbitrary code execution, data exfiltration or integrity/availability impacts as described in...

8.1CVSS7.7AI score0.03941EPSS

Debian CVE•added 2021/01/06 10:29 p.m.•24 views

CVE-2020-36189

8.1CVSS8.7AI score0.03941EPSS