CGA-hg2g-56v7-xgr8

Published

Last updated

https://images.chainguard.dev/security/CGA-hg2g-56v7-xgr8

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2021-20190
GHSA-5949-rw7g-wx7w

Severity

Unknown

Summary

Deserialization of untrusted data in jackson-databind

Description

A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-20190
https://github.com/advisories/GHSA-5949-rw7g-wx7w
https://github.com/FasterXML/jackson-databind/issues/2854
https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88
https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a
https://bugzilla.redhat.com/show_bug.cgi?id=1916633
https://github.com/FasterXML/jackson-databind
https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
https://security.netapp.com/advisory/ntap-20210219-0008
https://www.oracle.com//security-alerts/cpujul2021.html

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-hg2g-56v7-xgr8

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources