diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2021-01-07 09:36:06 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-01-07 09:36:06 +0100 |
| commit | 8bac6fe2fcb809cfc16b7d0d156213cadbfc98b6 (patch) | |
| tree | b1c9d018fefb9899f9ec788fcffa970bbb8cfbbe /data | |
| parent | 04fbd010d21f9a7491e6a48c6d3fde3c09cbde38 (diff) | |
Update some jackson-databind issues
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list | 66 |
1 files changed, 55 insertions, 11 deletions
diff --git a/data/CVE/list b/data/CVE/list index 4148d48ca4..6ad8708284 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1031,27 +1031,71 @@ CVE-2021-22698 CVE-2021-22697 RESERVED CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/2996 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-36188 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/2996 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-36187 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/2997 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-36186 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/2997 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-36185 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/2998 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-36184 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/2998 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-36183 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/3003 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-36182 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/3004 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-36181 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/3004 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-36180 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/3004 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-36179 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/3004 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-36178 (oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 d ...) TODO: check CVE-2021-3029 |