CVE-2020-8840

Published: Feb 10, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[druid-commits] 20200219 [GitHub] [druid] ccaominh opened a new pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1

mailing-list

x_refsource_MLIST

[druid-commits] 20200219 [GitHub] [druid] suneet-s commented on issue #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20200220 [SECURITY] [DLA 2111-1] jackson-databind security update

mailing-list

x_refsource_MLIST

[druid-commits] 20200221 [GitHub] [druid] ccaominh merged pull request #9379: Suppress CVE-2020-8840 for htrace-core-4.0.1

mailing-list

x_refsource_MLIST

[zookeeper-issues] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[zookeeper-dev] 20200222 [jira] [Created] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[zookeeper-notifications] 20200223 [GitHub] [zookeeper] eolivelli opened a new pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[zookeeper-issues] 20200223 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[zookeeper-issues] 20200223 [jira] [Assigned] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[zookeeper-notifications] 20200223 [GitHub] [zookeeper] phunt commented on issue #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[zookeeper-commits] 20200223 [zookeeper] branch master updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[zookeeper-commits] 20200223 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[zookeeper-issues] 20200223 [jira] [Resolved] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[zookeeper-notifications] 20200223 [GitHub] [zookeeper] asfgit closed pull request #1262: ZOOKEEPER-3734 upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[zookeeper-commits] 20200223 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[zookeeper-commits] 20200224 [zookeeper] 01/02: ZOOKEEPER-3734: upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[zookeeper-issues] 20200225 [jira] [Updated] (ZOOKEEPER-3734) upgrade jackson-databind to address CVE-2020-8840

mailing-list

x_refsource_MLIST

[tomee-dev] 20200311 CVE-2020-8840 on TomEE 8.0.1

mailing-list

x_refsource_MLIST

[tomee-dev] 20200311 Re: CVE-2020-8840 on TomEE 8.0.1

mailing-list

x_refsource_MLIST

[tomee-dev] 20200313 Re: CVE-2020-8840 on TomEE 8.0.1

mailing-list

x_refsource_MLIST

[tomee-dev] 20200316 RE: CVE-2020-8840 on TomEE 8.0.1

mailing-list

x_refsource_MLIST

[ranger-dev] 20200330 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200330 [jira] [Created] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200408 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200408 Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200415 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200416 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200416 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200417 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200417 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200427 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200427 [jira] [Resolved] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200430 Re: Review Request 72332: RANGER-2770 : Upgrade jackson-databind to version 2.9.10.4 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200507 [jira] [Commented] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[ranger-dev] 20200514 [jira] [Updated] (RANGER-2770) Upgrade jackson-databind to version 2.10.0 [CVE-2020-8840] - (Ranger)

mailing-list

x_refsource_MLIST

[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities

mailing-list

x_refsource_MLIST

[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image

mailing-list

x_refsource_MLIST

[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

https://github.com/FasterXML/jackson-databind/issues/2620

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20200327-0002/

x_refsource_CONFIRM

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-8840

Description

Affected Products

References