Description

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

Remediation

References

CVE-2020-11620

Related Vulnerabilities

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Security Bypass (2.8.7)

WordPress Plugin Super Logos Showcase for WordPress Arbitrary File Upload (2.2)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10268)

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41307)

WordPress Plugin WP jPlayer Cross-Site Scripting (0.1)

Severity

High

Classification

CVE-2020-11620 CWE-502 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities