FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2020-03-01 20:15
Updated : 2021-12-02 13:22
NVD link : CVE-2020-9546
Mitre link : CVE-2020-9546
JSON object : View
CWE
CWE-502
Deserialization of Untrusted Data
Products Affected
oracle
- insurance_policy_administration_j2ee
- communications_session_route_manager
- communications_network_charging_and_control
- communications_session_report_manager
- primavera_unifier
- retail_sales_audit
- communications_evolved_communications_application_server
- communications_diameter_signaling_router
- financial_services_analytical_applications_infrastructure
- financial_services_price_creation_and_discovery
- communications_contacts_server
- weblogic_server
- jd_edwards_enterpriseone_orchestrator
- communications_instant_messaging_server
- communications_element_manager
- enterprise_manager_base_platform
- global_lifecycle_management_opatch
- financial_services_retail_customer_analytics
- retail_service_backbone
- banking_platform
- financial_services_institutional_performance_analytics
- jd_edwards_enterpriseone_tools
- communications_calendar_server
- agile_plm
- retail_xstore_point_of_service
- retail_merchandising_system
- banking_digital_experience
- autovue_for_agile_product_lifecycle_management
netapp
- active_iq_unified_manager
fasterxml
- jackson-databind
debian
- debian_linux