| Max CVSS | 7.5 | Min CVSS | 6.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-10969 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
|
03-07-2024 - 01:36 | 26-03-2020 - 13:15 | |
| CVE-2020-10968 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
|
03-07-2024 - 01:36 | 26-03-2020 - 13:15 | |
| CVE-2020-9548 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
|
13-09-2023 - 14:57 | 02-03-2020 - 04:15 | |
| CVE-2020-9547 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
|
13-09-2023 - 14:57 | 02-03-2020 - 04:15 | |
| CVE-2019-20330 | 7.5 |
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
|
13-09-2023 - 14:55 | 03-01-2020 - 04:15 | |
| CVE-2020-8840 | 7.5 |
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
|
08-06-2023 - 17:54 | 10-02-2020 - 21:56 | |
| CVE-2020-9546 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
|
02-12-2021 - 21:22 | 02-03-2020 - 04:15 | |
| CVE-2020-14062 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
|
17-11-2021 - 20:21 | 14-06-2020 - 20:15 | |
| CVE-2020-14195 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
|
17-11-2021 - 20:20 | 16-06-2020 - 16:15 | |
| CVE-2020-14060 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
|
17-11-2021 - 20:20 | 14-06-2020 - 21:15 | |
| CVE-2020-14061 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, o
|
17-11-2021 - 16:56 | 14-06-2020 - 20:15 | |
| CVE-2020-11619 | 6.8 |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
|
22-02-2021 - 21:29 | 07-04-2020 - 23:15 |