summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2021-01-19 07:30:44 +0100
committerSalvatore Bonaccorso <carnil@debian.org>2021-01-19 07:30:44 +0100
commitad4f89c3b60e0262fbd47c4e48c401a54efe81a9 (patch)
treed65dad4a895ff4e3a61635879b98691d955b1866
parentdf034a7f69609cad21fd1e81ff4a1138acaf94be (diff)
Add CVE-2021-20190/jackson-databind
-rw-r--r--data/CVE/list6
1 files changed, 6 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 90dadb7fd3..0da572357b 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11967,6 +11967,12 @@ CVE-2021-20191
NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227
CVE-2021-20190
RESERVED
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind <no-dsa> (Minor issue)
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2854
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a
CVE-2021-20189
REJECTED
CVE-2021-20188

© 2014-2024 Faster IT GmbH | imprint | privacy policy