checkmarx-ts / checkmarx-github-action

Checkmarx Scan GitHub Action

[Checkmarx][OSA] CVE-2020-8840 - Score 9.8 - com.fasterxml.jackson.core:jackson-databind:2.10.2

miguelfreitas93 opened this issue · comments

**Library Details**
Library ID: 76F59F68DE2C8064E535A70E5874405EC654031E
Library Name: com.fasterxml.jackson.core:jackson-databind
Library Version: 2.10.2
Library Source File Name:
Library Confidence Level: 100


**Library Severity Details**
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0


**CVE Details**
CVE Name: CVE-2020-8840
CVE Score: 9.8
Severity: High
State: NOT_EXPLOITABLE
CVE Publish Date: 2020-02-10T21:56:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2020-8840
CVE Description: FasterXML jackson-databind 2.x before 2.7.9.7, 2.8.x before 2.8.11.5, 2.9.x before 2.9.10.3 and 2.10.x before 2.10.3 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.


**Recommendations**
Library Newest Version: 2.10.4
Library Newest Version Release Date: 2020-05-02T22:37:28
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 2.10.4
