Back to search
CVE-2020-25649
Published: Dec 3, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
| Vendor | Product | Versions |
|---|---|---|
n/a | jackson-databind | affected jackson-databind-2.11.0 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1887664
x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2589
x_refsource_MISC
[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5
mailing-list
x_refsource_MLIST
[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5
mailing-list
x_refsource_MLIST
[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
x_refsource_MLIST
[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
x_refsource_MLIST
[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
x_refsource_MLIST
[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3
mailing-list
x_refsource_MLIST
[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3
mailing-list
x_refsource_MLIST
[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
x_refsource_MLIST
[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind
mailing-list
x_refsource_MLIST
FEDORA-2021-1d8254899c
vendor-advisory
x_refsource_FEDORA
[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
x_refsource_MLIST
[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
x_refsource_MLIST
[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
x_refsource_MLIST
[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649
mailing-list
x_refsource_MLIST
[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649
mailing-list
x_refsource_MLIST
[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210108-0007/
x_refsource_CONFIRM
[spark-user] 20210621 Re: CVEs
mailing-list
x_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
x_refsource_MLIST
[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
x_refsource_MLIST
[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
x_refsource_MLIST
[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
x_refsource_MLIST
[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
x_refsource_MLIST
[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now