CVE-2020-35491 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.9.10.7

**Vulnerable Package** issue exists @ **Maven\-com.fasterxml.jackson.core:jackson\-databind\-2.9.10.7** in branch **main**

FasterXML jackson-databind prior to 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

**Namespace:** cxronen
**Repository:** BookStore
**Repository Url:** https://github.com/cxronen/BookStore
**CxAST\-Project:** cxronen/BookStore
**CxAST platform scan:** [207c1944\-f9e8\-4bbb\-a51e\-1235c29a4b44](https://ast.checkmarx.net/projects/68c297ba-386f-491c-a20f-f31fa83b386a/scans?id=207c1944-f9e8-4bbb-a51e-1235c29a4b44&branch=main)
**Branch:** main
**Application:** BookStore
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-502


----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** HIGH
**Confidentiality impact:** HIGH
**Availability impact:** HIGH
**Remediation Upgrade Recommendation:** 2.9.10.8


----
**References**
[Advisory](https://github.com/advisories/GHSA-r3gr-cxrf-hg25)
[Advisory](https://security.netapp.com/advisory/ntap-20210122-0005/)
[Issue](https://github.com/FasterXML/jackson-databind/issues/2986)
[Commit](https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2020-35491 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.9.10.7 #789

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2020-35491 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.9.10.7 #789

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions