CVE-2020-25649

March 24, 2021

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Summary:

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Reference Links(if available):

  • https://github.com/FasterXML/jackson-databind/issues/2589
  • https://bugzilla.redhat.com/show_bug.cgi?id=1887664
  • https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E
  • https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E
  • https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E

    • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    HIBP Banner 1

    Piping Rock – 2,103,100 breached accounts

    April 27, 2024
    CISA Logo

    CISA: CISA Releases Three Industrial Control Systems Advisories

    April 27, 2024
    CISA Logo

    CISA: CISA and Partners Release Advisory on Akira Ransomware

    April 27, 2024
    CISA Logo

    CISA: CISA Releases Four Industrial Control Systems Advisories

    April 27, 2024
    CISA Logo

    CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

    April 27, 2024