diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-01-19 07:30:44 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-01-19 07:30:44 +0100 |
commit | ad4f89c3b60e0262fbd47c4e48c401a54efe81a9 (patch) | |
tree | d65dad4a895ff4e3a61635879b98691d955b1866 | |
parent | df034a7f69609cad21fd1e81ff4a1138acaf94be (diff) |
Add CVE-2021-20190/jackson-databind
-rw-r--r-- | data/CVE/list | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 90dadb7fd3..0da572357b 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -11967,6 +11967,12 @@ CVE-2021-20191 NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227 CVE-2021-20190 RESERVED + - jackson-databind 2.12.1-1 + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/2854 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. + NOTE: https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a CVE-2021-20189 REJECTED CVE-2021-20188 |