Vulnerabilities > CVE-2020-36179 - Deserialization of Untrusted Data vulnerability in multiple products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

Vulnerable Configurations

Part Description Count
Application
Fasterxml
27
Application
Netapp
2
Application
Oracle
125
OS
Debian
1

Common Weakness Enumeration (CWE)