Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| EAP-CD 19 Tech Preview | |||
| jackson-databind | cpe:/a:redhat:jboss_enterprise_application_platform_cd:19 | RHSA-2020:2333 | 2020-05-28T00:00:00Z |
| Red Hat Data Grid 7.3.7 | |||
| jackson-databind | cpe:/a:redhat:jboss_data_grid:7.3 | RHSA-2020:3779 | 2020-09-17T00:00:00Z |
| Red Hat Decision Manager 7 | |||
| jackson-databind | cpe:/a:redhat:jboss_enterprise_brms_platform:7.8 | RHSA-2020:3196 | 2020-07-29T00:00:00Z |
| Red Hat Fuse 7.7.0 | |||
| jackson-databind | cpe:/a:redhat:jboss_fuse:7 | RHSA-2020:3192 | 2020-07-28T00:00:00Z |
| Red Hat Process Automation 7 | |||
| jackson-databind | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8 | RHSA-2020:3197 | 2020-07-29T00:00:00Z |
| Red Hat Single Sign-On 7.4.0 | |||
| jackson-databind | cpe:/a:redhat:red_hat_single_sign_on:7 | RHSA-2020:5625 | 2020-12-17T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | |||
| rh-maven35-jackson-databind-0:2.7.6-2.9.el7 | cpe:/a:redhat:rhel_software_collections:3::el7 | RHSA-2020:1523 | 2020-04-21T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | |||
| rh-maven35-jackson-databind-0:2.7.6-2.9.el7 | cpe:/a:redhat:rhel_software_collections:3::el7 | RHSA-2020:1523 | 2020-04-21T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | |||
| rh-maven35-jackson-databind-0:2.7.6-2.9.el7 | cpe:/a:redhat:rhel_software_collections:3::el7 | RHSA-2020:1523 | 2020-04-21T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | |||
| rh-maven35-jackson-databind-0:2.7.6-2.9.el7 | cpe:/a:redhat:rhel_software_collections:3::el7 | RHSA-2020:1523 | 2020-04-21T00:00:00Z |
| Text-Only RHOAR | |||
| cpe:/a:redhat:openshift_application_runtimes:1.0 | RHSA-2020:2067 | 2020-05-18T00:00:00Z | |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-2179-1 | jackson-databind security update |
 EUVD |
EUVD-2020-0444 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). |
 Github GHSA |
GHSA-v3xw-c963-f5hc | jackson-databind mishandles the interaction between serialization gadgets and typing |
 Ubuntu USN |
USN-4813-1 | Jackson Databind vulnerabilities |
References
History
Mon, 23 Feb 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Oracle financial Services Analytical Applications Infrastructure
Oracle financial Services Institutional Performance Analytics Oracle financial Services Price Creation And Discovery Oracle financial Services Retail Customer Analytics Oracle insurance Policy Administration J2ee Oracle retail Service Backbone |
|
| CPEs | cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Oracle financial Services Analytical Applications Infrastructure
Oracle financial Services Institutional Performance Analytics Oracle financial Services Price Creation And Discovery Oracle financial Services Retail Customer Analytics Oracle insurance Policy Administration J2ee Oracle retail Service Backbone |
|
| Metrics |
ssvc
|
Subscriptions
Debian
Subscribe
Debian Linux
Subscribe
Fasterxml
Subscribe
Jackson-databind
Subscribe
Netapp
Subscribe
Steelstore Cloud Integrated Storage
Subscribe
Oracle
Subscribe
Agile Plm
Subscribe
Autovue For Agile Product Lifecycle Management
Subscribe
Banking Digital Experience
Subscribe
Banking Platform
Subscribe
Communications Calendar Server
Subscribe
Communications Contacts Server
Subscribe
Communications Diameter Signaling Router
Subscribe
Communications Element Manager
Subscribe
Communications Evolved Communications Application Server
Subscribe
Communications Instant Messaging Server
Subscribe
Communications Network Charging And Control
Subscribe
Communications Session Report Manager
Subscribe
Communications Session Route Manager
Subscribe
Enterprise Manager Base Platform
Subscribe
Financial Services Analytical Applications Infrastructure
Subscribe
Financial Services Institutional Performance Analytics
Subscribe
Financial Services Price Creation And Discovery
Subscribe
Financial Services Retail Customer Analytics
Subscribe
Global Lifecycle Management Opatch
Subscribe
Insurance Policy Administration J2ee
Subscribe
Jd Edwards Enterpriseone Orchestrator
Subscribe
Jd Edwards Enterpriseone Tools
Subscribe
Primavera Unifier
Subscribe
Retail Merchandising System
Subscribe
Retail Sales Audit
Subscribe
Retail Service Backbone
Subscribe
Retail Xstore Point Of Service
Subscribe
Weblogic Server
Subscribe
Redhat
Subscribe
Jboss Data Grid
Subscribe
Jboss Enterprise Application Platform Cd
Subscribe
Jboss Enterprise Bpms Platform
Subscribe
Jboss Enterprise Brms Platform
Subscribe
Jboss Fuse
Subscribe
Openshift Application Runtimes
Subscribe
Red Hat Single Sign On
Subscribe
Rhel Software Collections
Subscribe
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T11:21:14.611Z
Reserved: 2020-03-31T00:00:00.000Z
Link: CVE-2020-11111
Vulnrichment
Updated: 2024-08-04T11:21:14.611Z
NVD
Status : Modified
Published: 2020-03-31T05:15:13.007
Modified: 2024-11-21T04:56:48.703
Link: CVE-2020-11111
Redhat
OpenCVE Enrichment
No data.