diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-04-08 21:44:06 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-04-08 21:44:06 +0200 |
commit | c3fe7b8146de3c796e3f6bb864b54d5f150f2da1 (patch) | |
tree | fe199674b71a9e3d9c9093a0dd5137c25b2fe70c | |
parent | b5e6b3f504596ed7e18a6ac77c5c068d877c9736 (diff) |
Add CVE-2020-116{19,20}/jackson-databind
-rw-r--r-- | data/CVE/list.2020 | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 82dc6ac3a3..eba5e928d3 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -31,9 +31,15 @@ CVE-2020-11622 CVE-2020-11621 RESERVED CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + NOTE: https://github.com/FasterXML/jackson-databind/issues/2682 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + NOTE: https://github.com/FasterXML/jackson-databind/issues/2680 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-11618 RESERVED CVE-2020-11617 |