First published: Fri Jul 15 2022(Updated: )
The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FasterXML jackson-databind | <=2.9.10.4 | |
Oracle Retail Merchandising System | =15.0 | |
Oracle Retail Sales Audit | =14.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-10650 is a vulnerability found in the com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4.
The severity of CVE-2020-10650 is high with a CVSS score of 8.1.
CVE-2020-10650 is a deserialization flaw that allows an unauthenticated user to perform code execution via certain classes.
The affected software includes com.fasterxml.jackson.core:jackson-databind version up to 2.9.10.3, FasterXML jackson-databind up to 2.9.10.4, Oracle Retail Merchandising System version 15.0, and Oracle Retail Sales Audit version 14.1.
To fix CVE-2020-10650, you should upgrade the affected library or software to version 2.9.10.4 or later.