Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-25649

Опубликовано: 03 дек. 2020
Источник: ubuntu
Приоритет: medium
CVSS2: 5
CVSS3: 7.5

Описание

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

not-affected

2.11.1-1
esm-apps/bionic

needed

esm-apps/focal

needed

esm-apps/jammy

not-affected

2.11.1-1
esm-apps/noble

not-affected

2.11.1-1
esm-apps/xenial

needed

esm-infra-legacy/trusty

needs-triage

focal

ignored

end of standard support, was needed
groovy

not-affected

2.11.1-1

Показывать по

Ссылки на источники

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-25649

CVSS3: 7.5
redhat
больше 5 лет назад

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

nvd логотип

CVE-2020-25649

CVSS3: 7.5
nvd
больше 4 лет назад

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

debian логотип

CVE-2020-25649

CVSS3: 7.5
debian
больше 4 лет назад

A flaw was found in FasterXML Jackson Databind, where it did not have ...

github логотип

GHSA-288c-cq4h-88gq

CVSS3: 7.5
github
больше 4 лет назад

XML External Entity (XXE) Injection in Jackson Databind

fstec логотип

BDU:2022-05602

CVSS3: 7.5
fstec
больше 4 лет назад

Уязвимость компонента DOMDeserializer библиотеки FasterXML jackson-databind, позволяющая нарушителю проводить XXE-атаки

5 Medium

CVSS2

7.5 High

CVSS3