CVE-2021-20190

Published: Jan 19, 2021

Modified: Aug 27, 2025

PUBLISHED

Description

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vendor	Product	Versions
n/a	jackson-databind	affected `jackson-databind 2.9.10.7`

Weaknesses (CWE)

CWE-502

References

https://github.com/FasterXML/jackson-databind/issues/2854

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1916633

x_refsource_MISC

[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update

mailing-list

x_refsource_MLIST

https://www.oracle.com//security-alerts/cpujul2021.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210219-0008/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-20190

Description

Affected Products

Weaknesses (CWE)

References