fasterxml jackson-databind CVE-2020-35490 vulnerability in FasterXML and Other Products
Published on December 17, 2020

product logo product logo product logo product logo
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

NVD


Products Associated with CVE-2020-35490

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-35490 are published in these products:

FasterXML Jackson Databind
 
NetApp Service Level Manager
 
Debian Linux
 
Oracle Application Testing Suite
 
Oracle Autovue Agile Product Lifecycle Management
 
Oracle Banking Platform
 
Oracle Banking Treasury Management
 
Oracle Banking Virtual Account Management
 
Oracle Communications Cloud Native Core Unified Data Repository
 
Oracle Communications Diameter Signaling Router
 
Oracle Communications Evolved Communications Application Server
 
Oracle Communications Interactive Session Recorder
 
Oracle Communications Services Gatekeeper
 
Oracle Communications Unified Inventory Management
 
Oracle Documaker
 
Oracle Insurance Policy Administration J2ee
 
Oracle Retail Merchandising System
 
Oracle Retail Xstore Point Of Service
 
Oracle Communications Cloud Native Core Policy
 
Oracle Communications Instant Messaging Server
 
Oracle Communications Offline Mediation Controller
 
Oracle Communications Pricing Design Center
 
Oracle Webcenter Portal
 
Oracle Blockchain Platform
 
Oracle Agile Plm
 

Exploit Probability

EPSS
3.92%
Percentile
88.02%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.