CVE-2021-20190

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

Configuration 3 (hide)

cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:oracle:commerce_guided_search_and_experience_manager:11.3.2:*:*:*:*:*:*:*

Information

Published : 2021-01-19 09:15

Updated : 2022-06-03 06:07


NVD link : CVE-2021-20190

Mitre link : CVE-2021-20190


JSON object : View

CWE
CWE-502

Deserialization of Untrusted Data

Advertisement

dedicated server usa

Products Affected

fasterxml

  • jackson-databind

apache

  • nifi

netapp

  • service_level_manager
  • oncommand_insight
  • active_iq_unified_manager
  • oncommand_api_services

oracle

  • commerce_guided_search_and_experience_manager

debian

  • debian_linux