CVE-2020-25649

Published: 03 Dec 2020
Source: debian

Description

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| jackson-databind | fixed | 2.11.1-1 | | package |
| jackson-databind | fixed | 2.9.8-3+deb10u3 | buster | package |

Notes

  • https://github.com/FasterXML/jackson-databind/issues/2589

  • https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1)

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 4 years ago

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

CVSS3: 7.5
redhat
more than 5 years ago

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

CVSS3: 7.5
nvd
more than 4 years ago

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

CVSS3: 7.5
github
more than 4 years ago

XML External Entity (XXE) Injection in Jackson Databind

CVSS3: 7.5
fstec
more than 4 years ago

Vulnerability in the DOMDeserializer component of the FasterXML jackson-databind library that allows an attacker to conduct XXE attacks