checkmarx-ts / checkmarx-github-action

Checkmarx Scan Github Action

[Checkmarx][OSA] CVE-2020-11112 - Score 9.8 - com.fasterxml.jackson.core:jackson-databind:2.10.2

miguelfreitas93 opened this issue

**Library Details**
Library ID: 76F59F68DE2C8064E535A70E5874405EC654031E
Library Name: com.fasterxml.jackson.core:jackson-databind
Library Version: 2.10.2
Library Source File Name:
Library Confidence Level: 100


**Library Severity Details**
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0


**CVE Details**
CVE Name: CVE-2020-11112
CVE Score: 9.8
Severity: High
State: TO_VERIFY
CVE Publish Date: 2020-03-31T05:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2020-11112
CVE Description: FasterXML jackson-databind 2.x before 2.9.10.4, 2.10.x before 2.10.4, 2.11.x before 2.11.0 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).


**Recommendations**
Library Newest Version: 2.10.4
Library Newest Version Release Date: 2020-05-02T22:37:28
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 2.10.4

Vulnerability does not exist anymore
