CVE-2021-20190

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Affected packages

Git / github.com/fasterxml/jackson-databind

Affected ranges

Type: GIT
Repo: https://github.com/fasterxml/jackson-databind
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e19c557b789113f900018208d87446c34ae4fab3

Affected versions

2.*

2.2.0c

2.6.0-rc3b

jackson-databind-2.*

jackson-databind-2.0.0

jackson-databind-2.0.0-RC1

jackson-databind-2.0.0-RC2

jackson-databind-2.0.0-RC3

jackson-databind-2.0.1

jackson-databind-2.0.2

jackson-databind-2.0.4

jackson-databind-2.1.0

jackson-databind-2.1.1

jackson-databind-2.2.0

jackson-databind-2.2.0-rc1

jackson-databind-2.2.1

jackson-databind-2.2.2

jackson-databind-2.3.0

jackson-databind-2.3.0-rc1

jackson-databind-2.3.1

jackson-databind-2.4.0

jackson-databind-2.4.0-rc1

jackson-databind-2.4.0-rc2

jackson-databind-2.4.0-rc3

jackson-databind-2.4.1

jackson-databind-2.4.1.1

jackson-databind-2.4.1.2

jackson-databind-2.4.1.3

jackson-databind-2.4.2

jackson-databind-2.4.3

jackson-databind-2.4.4

jackson-databind-2.4.5

jackson-databind-2.4.5.1

jackson-databind-2.4.6

jackson-databind-2.5.0

jackson-databind-2.5.0-rc1

jackson-databind-2.5.1

jackson-databind-2.5.2

jackson-databind-2.5.3

jackson-databind-2.5.4

jackson-databind-2.5.5

jackson-databind-2.6.0

jackson-databind-2.6.0-rc1

jackson-databind-2.6.0-rc2

jackson-databind-2.6.0-rc4

jackson-databind-2.6.1

jackson-databind-2.6.2

jackson-databind-2.6.3

jackson-databind-2.6.4

jackson-databind-2.6.5

jackson-databind-2.6.6

jackson-databind-2.6.7

jackson-databind-2.6.7.1

jackson-databind-2.6.7.2

jackson-databind-2.6.7.3

jackson-databind-2.6.7.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20190.json"