This repository has been archived by the owner on Jun 6, 2023. It is now read-only.
CVE-2020-8840 (Medium) detected in jackson-databind-2.9.10.1.jar #16
Labels
security vulnerability
Security vulnerability detected by WhiteSource
CVE-2020-8840 - Medium Severity Vulnerability
Vulnerable Library - jackson-databind-2.9.10.1.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /tmp/ws-scm/elasticsearch-benchmark-tool/pom.xml
Path to vulnerable library: epository/com/fasterxml/jackson/core/jackson-databind/2.9.10.1/jackson-databind-2.9.10.1.jar
Dependency Hierarchy:
Vulnerability Details
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
Publish Date: 2020-02-10
URL: CVE-2020-8840
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: FasterXML/jackson-databind#2620
Release Date: 2020-02-10
Fix Resolution: 2.8.115,2.9.10.3
The text was updated successfully, but these errors were encountered: