summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2020-04-08 21:44:06 +0200
committerSalvatore Bonaccorso <carnil@debian.org>2020-04-08 21:44:06 +0200
commita752986b5305dd4e8e7094b213996b8f640a8e4f (patch)
tree0531b983d67372d6f4df85080d888aa6b47202fa
parent79eb71694ca6d4ece2cdcffc948330816fa0715d (diff)
Add CVE-2020-116{19,20}/jackson-databind
Diffstat
-rw-r--r--data/CVE/list10
1 files changed, 8 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 747087703d..9c466f1279 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -31,9 +31,15 @@ CVE-2020-11622
CVE-2020-11621
RESERVED
CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
- TODO: check
+ - jackson-databind <unfixed>
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2682
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
- TODO: check
+ - jackson-databind <unfixed>
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2680
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11618
RESERVED
CVE-2020-11617

© 2014-2024 Faster IT GmbH | imprint | privacy policy