Описание
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| jackson-databind | fixed | 2.11.1-1 | package | |
| jackson-databind | fixed | 2.9.8-3+deb10u2 | buster | package |
| jackson-databind | fixed | 2.8.6-1+deb9u7 | stretch | package |
Примечания
https://github.com/FasterXML/jackson-databind/issues/2642
Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
but still an issue when Default Typing is enabled.
Связанные уязвимости
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
jackson-databind mishandles the interaction between serialization gadgets and typing
Уязвимость библиотеки Jackson-databind проекта FasterXML, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации