CVE List

CVE-2020-24750

Critical 9.8

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

Published September 17, 2020.

Affected software

Fasterxml Jackson-databind

Reference links

Sign Up for Alerts