ByteOS Network

Source-cve@mitre.org

Published At-14 Jun, 2020 | 21:15

Updated At-29 Apr, 2026 | 20:09

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

FasterXML, LLC.

>>jackson-databind>>Versions from 2.0.0(inclusive) to 2.9.10.5(exclusive)

cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*

NetApp, Inc.

>>active_iq_unified_manager>>Versions from 7.3(inclusive)

cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*

NetApp, Inc.

>>active_iq_unified_manager>>Versions from 7.3(inclusive)

cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*

NetApp, Inc.

>>active_iq_unified_manager>>Versions from 9.5(inclusive)

cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*

NetApp, Inc.

>>steelstore_cloud_integrated_storage>>-

cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

Oracle Corporation

>>agile_plm>>9.3.6

cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*

Oracle Corporation

>>banking_digital_experience>>18.1

cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*

Oracle Corporation

>>banking_digital_experience>>18.2

cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*

Oracle Corporation

>>banking_digital_experience>>18.3

cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*

Oracle Corporation

>>banking_digital_experience>>19.1

cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*

Oracle Corporation

>>banking_digital_experience>>19.2

cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*

Oracle Corporation

>>banking_digital_experience>>20.1

cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*

Oracle Corporation

>>communications_calendar_server>>8.0.0.4.0

cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*

Oracle Corporation

>>communications_contacts_server>>8.0.0.5.0

cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*

Oracle Corporation

>>communications_diameter_signaling_router>>Versions from 8.0.0(inclusive) to 8.2.2(inclusive)

cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*

Oracle Corporation

>>communications_element_manager>>Versions from 8.2.0(inclusive) to 8.2.2(inclusive)

cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*

Oracle Corporation

>>communications_evolved_communications_application_server>>7.1

cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*

Oracle Corporation

>>communications_session_report_manager>>Versions from 8.2.0(inclusive) to 8.2.2(inclusive)

cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*

Oracle Corporation

>>communications_session_route_manager>>Versions from 8.2.0(inclusive) to 8.2.2(inclusive)

cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-502	Primary	nvd@nist.gov

CWE ID: CWE-502

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/FasterXML/jackson-databind/issues/2688	cve@mitre.org	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html	cve@mitre.org	Mailing List Third Party Advisory
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062	cve@mitre.org	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200702-0003/	cve@mitre.org	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	cve@mitre.org	Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	cve@mitre.org	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	cve@mitre.org	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	cve@mitre.org	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	cve@mitre.org	Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/2688	af854a3a-2127-422b-91ae-364da2661108	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200702-0003/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory