jackson-databind new CVEs

Article ID: 207203

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

The latest scan revealed ten new CVEs related to FasterXML jackson-databind 2.9.10.7.

Seven of them have a CVSS score of 9.8, so this is a critical issue.

The ten CVEs are:

https://nvd.nist.gov/vuln/detail/CVE-2020-35490
https://nvd.nist.gov/vuln/detail/CVE-2020-35491
https://nvd.nist.gov/vuln/detail/CVE-2020-35728
https://nvd.nist.gov/vuln/detail/CVE-2020-36183
https://nvd.nist.gov/vuln/detail/CVE-2020-36184
https://nvd.nist.gov/vuln/detail/CVE-2020-36185
https://nvd.nist.gov/vuln/detail/CVE-2020-36186
https://nvd.nist.gov/vuln/detail/CVE-2020-36187
https://nvd.nist.gov/vuln/detail/CVE-2020-36188
https://nvd.nist.gov/vuln/detail/CVE-2020-36189

Environment

Release : 10.7.0

Component : Introscope

Resolution

The jackson-databind library has been updated to version 2.9.10.8 in 10.7 hotfix 77.
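To confirm after patching that no older copy of the library remains on disk, the following check can be run against an installation directory. It is an added example, not part of the original article or the vendor's tooling; it assumes the jars keep the standard `jackson-databind-<version>.jar` file name, that GNU `sort -V` is available, and that the directory passed as the first argument is wherever the product is installed.

```shell
#!/bin/sh
# Added example: flag jackson-databind jars older than the version named in the Resolution.
FIXED_VERSION="2.9.10.8"   # fixed version stated in the article

# version_lt A B: succeeds when A sorts strictly before B (GNU sort -V ordering).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# jar_version FILE: print the version embedded in the jar's file name.
# Assumption: the jar uses the standard Maven name jackson-databind-<version>.jar.
jar_version() {
    basename "$1" .jar | sed 's/^jackson-databind-//'
}

# scan_jackson DIR: print "STATUS version path" for every jar found.
# Returns 0 if none is older than FIXED_VERSION, 1 if any is, 2 if no jar was found.
# "OK" only means "not older than FIXED_VERSION by version ordering".
scan_jackson() {
    rc=0
    list=$(find "$1" -type f -name 'jackson-databind-*.jar' 2>/dev/null | sort)
    [ -n "$list" ] || { echo "NONE no jackson-databind jar under $1"; return 2; }
    while IFS= read -r jar; do
        ver=$(jar_version "$jar")
        if version_lt "$ver" "$FIXED_VERSION"; then
            echo "OUTDATED $ver $jar"
            rc=1
        else
            echo "OK $ver $jar"
        fi
    done <<EOF
$list
EOF
    return $rc
}

# Run the scan only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_jackson "$1"
fi
```

Copies of the library packed inside other archives (for example a WAR or EAR file) are not visible to `find` and need to be checked separately.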