Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.892179
Kategorie:Debian Local Security Checks
Titel:Debian LTS: Security Advisory for jackson-databind (DLA-2179-1)
Zusammenfassung:The remote host is missing an update for the 'jackson-databind'; package(s) announced via the DLA-2179-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'jackson-databind'
package(s) announced via the DLA-2179-1 advisory.

Vulnerability Insight:
Following CVEs were reported against the jackson-databind source package
:

CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.aoju.bus.proxy.provider.remoting.RmiProvider
(aka bus-proxy).

CVE-2020-10969

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to javax.swing.JEditorPane.

CVE-2020-11111

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.activemq.* (aka activemq-jms, activemq-core,
activemq-pool, and activemq-pool-jms).

CVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.commons.proxy.provider.remoting.RmiProvider
(aka apache/commons-proxy).

CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.openjpa.ee.WASRegistryManagedRuntime
(aka openjpa).

CVE-2020-11619

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.springframework.aop.config.MethodLocatingFactoryBean
(aka spring-aop).

CVE-2020-11620

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

Affected Software/OS:
'jackson-databind' package(s) on Debian Linux.

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
2.4.2-2+deb8u14.

We recommend that you upgrade your jackson-databind packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2020-10968
Common Vulnerability Exposure (CVE) ID: CVE-2020-10969
Common Vulnerability Exposure (CVE) ID: CVE-2020-11111
Common Vulnerability Exposure (CVE) ID: CVE-2020-11112
Common Vulnerability Exposure (CVE) ID: CVE-2020-11113
Common Vulnerability Exposure (CVE) ID: CVE-2020-11619
Common Vulnerability Exposure (CVE) ID: CVE-2020-11620
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.