CVE-2021-20190

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-20190

CGA ID

CGA-hg2g-56v7-xgr8

Severity

Unknown

Description

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://images.chainguard.dev/security/CGA-hg2g-56v7-xgr8
https://github.com/advisories/GHSA-5949-rw7g-wx7w
https://security.netapp.com/advisory/ntap-20210219-0008/
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
https://bugzilla.redhat.com/show_bug.cgi?id=1916633
https://github.com/FasterXML/jackson-databind/issues/2854
https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E
https://www.oracle.com//security-alerts/cpujul2021.html
https://security-tracker.debian.org/tracker/CVE-2021-20190

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2021-20190

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources