Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-288c-cq4h-88gq

Опубликовано: 18 фев. 2021
Источник: github
Github: Прошло ревью
CVSS3: 7.5

Описание

XML External Entity (XXE) Injection in Jackson Databind

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Ссылки

Пакеты

Наименование

com.fasterxml.jackson.core:jackson-databind

maven
Затронутые версииВерсия исправления

>= 2.6.0, <= 2.6.7.3

2.6.7.4

Наименование

com.fasterxml.jackson.core:jackson-databind

maven
Затронутые версииВерсия исправления

>= 2.7.0.0, <= 2.9.10.6

2.9.10.7

Наименование

com.fasterxml.jackson.core:jackson-databind

maven
Затронутые версииВерсия исправления

>= 2.10.0.0, <= 2.10.5.0

2.10.5.1

EPSS

Процентиль: 1%
0.00011
Низкий

7.5 High

CVSS3

CVE ID

CVE-2020-25649

Дефекты

CWE-611

Связанные уязвимости

ubuntu логотип

CVE-2020-25649

CVSS3: 7.5
ubuntu
почти 5 лет назад

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

redhat логотип

CVE-2020-25649

CVSS3: 7.5
redhat
почти 6 лет назад

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

nvd логотип

CVE-2020-25649

CVSS3: 7.5
nvd
почти 5 лет назад

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

debian логотип

CVE-2020-25649

CVSS3: 7.5
debian
почти 5 лет назад

A flaw was found in FasterXML Jackson Databind, where it did not have ...

fstec логотип

BDU:2022-05602

CVSS3: 7.5
fstec
почти 5 лет назад

Уязвимость компонента DOMDeserializer библиотеки FasterXML jackson-databind, позволяющая нарушителю проводить XXE-атаки

EPSS

Процентиль: 1%
0.00011
Низкий

7.5 High

CVSS3

CVE ID

CVE-2020-25649

Дефекты

CWE-611