CVE-2021-20190

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-20190

Severity

8.1

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-20190
https://github.com/advisories/GHSA-5949-rw7g-wx7w
https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E
https://bugzilla.redhat.com/show_bug.cgi?id=1916633
https://github.com/FasterXML/jackson-databind/issues/2854
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
https://security.netapp.com/advisory/ntap-20210219-0008/
https://www.oracle.com//security-alerts/cpujul2021.html

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2021-20190

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company