Skip to main content
CVE-2020-14060 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Active Iq Unified Manager Steelstore Cloud Integrated Storage +9
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
8.7%
CVE-2020-14062 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache Deserialization Jackson Databind Active Iq Unified Manager Steelstore Cloud Integrated Storage +10
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
7.3%
CVE-2020-14061 HIGH PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Oracle Deserialization Jackson Databind Active Iq Unified Manager Steelstore Cloud Integrated Storage +12
NVD GitHub
CVSS 3.1
8.1
EPSS
4.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy