Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for financial_services_institutional_performance_analytics by oracle

    CVE-2020-11022 (GCVE-0-2020-11022)

    Vulnerability from nvd – Published: 2020-04-29 00:00 – Updated: 2026-04-13 13:53
    VLAI
    Title
    jQuery has a potential XSS vulnerability
    Summary
    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://github.com/jquery/jquery/security/advisor… x_refsource_CONFIRM
    https://github.com/maximebf/php-debugbar/issues/447 x_refsource_MISC
    https://github.com/jquery/jquery/commit/1d61fd940… x_refsource_MISC
    https://github.com/maximebf/php-debugbar/commit/8… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://packetstormsecurity.com/files/162159/jQue… x_refsource_MISC
    https://security.gentoo.org/glsa/202007-03 x_refsource_MISC
    https://www.debian.org/security/2020/dsa-4693 x_refsource_MISC
    https://www.drupal.org/sa-core-2020-002 x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujan2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    https://www.tenable.com/security/tns-2020-10 x_refsource_MISC
    https://www.tenable.com/security/tns-2020-11 x_refsource_MISC
    https://www.tenable.com/security/tns-2021-02 x_refsource_MISC
    https://www.tenable.com/security/tns-2021-10 x_refsource_MISC
    https://blog.jquery.com/2020/04/10/jquery-3-5-0-r… x_refsource_MISC
    https://github.com/jquery/jquery/releases/tag/3.5.0 x_refsource_MISC
    https://github.com/rubysec/ruby-advisory-db/blob/… x_refsource_MISC
    https://jquery.com/upgrade-guide/3.5 x_refsource_MISC
    https://lists.apache.org/thread.html/r0483ba00727… x_refsource_MISC
    https://lists.apache.org/thread.html/r49ce4243b47… x_refsource_MISC
    https://lists.apache.org/thread.html/r54565a8f025… x_refsource_MISC
    https://lists.apache.org/thread.html/r564585d97bc… x_refsource_MISC
    https://lists.apache.org/thread.html/r706cfbc0984… x_refsource_MISC
    https://lists.apache.org/thread.html/r8f70b0f65d6… x_refsource_MISC
    https://lists.apache.org/thread.html/rbb448222ba6… x_refsource_MISC
    https://lists.apache.org/thread.html/rdf44341677c… x_refsource_MISC
    https://lists.apache.org/thread.html/re4ae96fa5c1… x_refsource_MISC
    https://lists.apache.org/thread.html/rede9cfaa756… x_refsource_MISC
    https://lists.apache.org/thread.html/ree3bd8ddb23… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2021… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2023… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    http://security.netapp.com/advisory/ntap-20200511-0006 x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://jquery.com/upgrade-guide/3.5/ x_transferred
    https://blog.jquery.com/2020/04/10/jquery-3-5-0-r… x_transferred
    https://security.netapp.com/advisory/ntap-2020051… x_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/rdf44341677c… mailing-listx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/r706cfbc0984… mailing-listx_transferred
    https://lists.apache.org/thread.html/rbb448222ba6… mailing-listx_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/r49ce4243b47… mailing-listx_transferred
    https://lists.apache.org/thread.html/r8f70b0f65d6… mailing-listx_transferred
    https://lists.apache.org/thread.html/r564585d97bc… mailing-listx_transferred
    https://lists.apache.org/thread.html/ree3bd8ddb23… mailing-listx_transferred
    https://lists.apache.org/thread.html/rede9cfaa756… mailing-listx_transferred
    https://lists.apache.org/thread.html/r54565a8f025… mailing-listx_transferred
    https://lists.apache.org/thread.html/re4ae96fa5c1… mailing-listx_transferred
    http://packetstormsecurity.com/files/162159/jQuer… x_transferred
    https://www.oracle.com//security-alerts/cpujul2021.html x_transferred
    https://lists.apache.org/thread.html/r0483ba00727… mailing-listx_transferred
    Impacted products
    Vendor Product Version
    jquery jQuery Affected: >= 1.12.0, < 3.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4693",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4693"
              },
              {
                "name": "FEDORA-2020-11be4b36d4",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/"
              },
              {
                "name": "FEDORA-2020-36d2db5f51",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jquery.com/upgrade-guide/3.5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2020-002"
              },
              {
                "name": "openSUSE-SU-2020:1060",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
              },
              {
                "name": "GLSA-202007-03",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-03"
              },
              {
                "name": "openSUSE-SU-2020:1106",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
              },
              {
                "name": "[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "FEDORA-2020-fbb94073a1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"
              },
              {
                "name": "FEDORA-2020-0b32a59b54",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"
              },
              {
                "name": "FEDORA-2020-fe94df8c34",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "openSUSE-SU-2020:1888",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
              },
              {
                "name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-10"
              },
              {
                "name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
              },
              {
                "name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jQuery",
              "vendor": "jquery",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.12.0, \u003c 3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T13:53:08.239Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
            },
            {
              "name": "https://github.com/maximebf/php-debugbar/issues/447",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/maximebf/php-debugbar/issues/447"
            },
            {
              "name": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
            },
            {
              "name": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
            },
            {
              "name": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
            },
            {
              "name": "https://security.gentoo.org/glsa/202007-03",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.gentoo.org/glsa/202007-03"
            },
            {
              "name": "https://www.debian.org/security/2020/dsa-4693",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4693"
            },
            {
              "name": "https://www.drupal.org/sa-core-2020-002",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.drupal.org/sa-core-2020-002"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2020-10"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-11",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2020-11"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-02",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2021-02"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2021-10"
            },
            {
              "name": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
            },
            {
              "name": "https://github.com/jquery/jquery/releases/tag/3.5.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/releases/tag/3.5.0"
            },
            {
              "name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml"
            },
            {
              "name": "https://jquery.com/upgrade-guide/3.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jquery.com/upgrade-guide/3.5"
            },
            {
              "name": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B"
            },
            {
              "name": "http://security.netapp.com/advisory/ntap-20200511-0006",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.netapp.com/advisory/ntap-20200511-0006"
            }
          ],
          "source": {
            "advisory": "GHSA-gxr4-xjj5-5px2",
            "discovery": "UNKNOWN"
          },
          "title": "jQuery has a potential XSS vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-11022",
        "datePublished": "2020-04-29T00:00:00.000Z",
        "dateReserved": "2020-03-30T00:00:00.000Z",
        "dateUpdated": "2026-04-13T13:53:08.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-9488 (GCVE-0-2020-9488)

    Vulnerability from nvd – Published: 2020-04-27 15:36 – Updated: 2026-05-29 16:07
    VLAI
    Summary
    Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Validation of Certificate with Host Mismatch
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/r8c001b9a95c… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r2f209d27134… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r7641ee788e1… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd8e87c4d69d… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4285398e558… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r0df3d7a5acb… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r7e739f29617… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r9a79175c393… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rbc45eb0f53f… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rec34b1cccf9… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r48efc7cb5ae… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd55f65c6822… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rc6b81c01361… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r7e5c10534ed… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r8e96c340004… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rf1c2a81a080… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r0a2699f7241… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r48bcd06049c… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://issues.apache.org/jira/browse/LOG4J2-2819 x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2020050… x_refsource_CONFIRM
    https://lists.apache.org/thread.html/r393943de452… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://lists.apache.org/thread.html/r1fc73f0e16e… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/ra632b329b2a… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4ed1f49616a… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4db540cafc5… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r9776e71e3c6… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r65578f3761a… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd0e44e8ef71… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
    https://lists.apache.org/thread.html/re024d86dffa… x_refsource_MISC
    https://lists.apache.org/thread.html/rbc7642b9800… x_refsource_MISC
    https://lists.apache.org/thread.html/r3d1d00441c5… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rc2dbc4633a6… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd5d58088812… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r33864a0fc17… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4d5dc9f3520… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r22a56beb76d… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r5a68258e5ab… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/ra051e07a0ee… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rf9fa47ab664… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r45916179811… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://lists.apache.org/thread.html/r2721aba31a8… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    https://www.debian.org/security/2021/dsa-5020 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2021… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    Apache Apache Log4j Affected: log4j-core 2.13.0
    Affected: log4j-core , < 2.12.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:26:16.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/jira/browse/LOG4J2-2819"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200504-0003/"
              },
              {
                "name": "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "name": "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "name": "[kafka-users] 20210617 vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "name": "DSA-5020",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-5020"
              },
              {
                "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.7,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-9488",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T16:07:49.364275Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T16:07:52.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Log4j",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "log4j-core 2.13.0"
                },
                {
                  "lessThan": "2.12.3",
                  "status": "affected",
                  "version": "log4j-core",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Certificate with Host Mismatch",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T23:23:40.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.apache.org/jira/browse/LOG4J2-2819"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200504-0003/"
            },
            {
              "name": "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "[kafka-users] 20210617 vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "DSA-5020",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-5020"
            },
            {
              "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2020-9488",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Log4j",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "log4j-core",
                                "version_value": "2.12.3"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "log4j-core",
                                "version_value": "2.13.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Certificate with Host Mismatch"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6@%3Cdev.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05@%3Cdev.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3@%3Ccommits.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f@%3Ccommits.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3Ccommits.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://issues.apache.org/jira/browse/LOG4J2-2819",
                  "refsource": "CONFIRM",
                  "url": "https://issues.apache.org/jira/browse/LOG4J2-2819"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200504-0003/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200504-0003/"
                },
                {
                  "name": "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f@%3Cdev.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E"
                },
                {
                  "name": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b@%3Cdev.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
                },
                {
                  "name": "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "[kafka-users] 20210617 vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "DSA-5020",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-5020"
                },
                {
                  "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2020-9488",
        "datePublished": "2020-04-27T15:36:10.000Z",
        "dateReserved": "2020-03-01T00:00:00.000Z",
        "dateUpdated": "2026-05-29T16:07:52.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-11113 (GCVE-0-2020-11113)

    Vulnerability from nvd – Published: 2020-03-31 04:37 – Updated: 2025-08-27 20:32
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11113",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:43.551763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:51.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.618Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:50.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-11113",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2670",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-11113",
        "datePublished": "2020-03-31T04:37:27.000Z",
        "dateReserved": "2020-03-31T00:00:00.000Z",
        "dateUpdated": "2025-08-27T20:32:51.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11112 (GCVE-0-2020-11112)

    Vulnerability from nvd – Published: 2020-03-31 04:37 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:42.504958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:17.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.621Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:49.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-11112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2666",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-11112",
        "datePublished": "2020-03-31T04:37:41.000Z",
        "dateReserved": "2020-03-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10969 (GCVE-0-2020-10969)

    Vulnerability from nvd – Published: 2020-03-26 12:43 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:45.779442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:58:54.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:13.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:44.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10969",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2642",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10969",
        "datePublished": "2020-03-26T12:43:34.000Z",
        "dateReserved": "2020-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:13.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10968 (GCVE-0-2020-10968)

    Vulnerability from nvd – Published: 2020-03-26 12:43 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:46.867668Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:57:31.283Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:43.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10968",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2662",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10968",
        "datePublished": "2020-03-26T12:43:45.000Z",
        "dateReserved": "2020-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10673 (GCVE-0-2020-10673)

    Vulnerability from nvd – Published: 2020-03-18 21:17 – Updated: 2025-08-27 20:32
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10673",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:47.873963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:51.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:06:10.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:39.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10673",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2660",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10673",
        "datePublished": "2020-03-18T21:17:26.000Z",
        "dateReserved": "2020-03-18T00:00:00.000Z",
        "dateUpdated": "2025-08-27T20:32:51.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10672 (GCVE-0-2020-10672)

    Vulnerability from nvd – Published: 2020-03-18 21:17 – Updated: 2024-08-04 11:06
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10672",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:48.872316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:56:32.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:06:11.143Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:38.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10672",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2659",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10672",
        "datePublished": "2020-03-18T21:17:43.000Z",
        "dateReserved": "2020-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:06:11.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9546 (GCVE-0-2020-9546)

    Vulnerability from nvd – Published: 2020-03-02 03:59 – Updated: 2024-08-04 10:34
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:34:39.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
              },
              {
                "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:40:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-9546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
                },
                {
                  "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2631",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
                },
                {
                  "name": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200904-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-9546",
        "datePublished": "2020-03-02T03:59:18.000Z",
        "dateReserved": "2020-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:34:39.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11358 (GCVE-0-2019-11358)

    Vulnerability from nvd – Published: 2019-04-19 00:00 – Updated: 2024-11-15 15:11
    VLAI
    Summary
    jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.drupal.org/sa-core-2019-006
    https://www.synology.com/security/advisory/Synolo…
    https://www.debian.org/security/2019/dsa-4434 vendor-advisory
    https://seclists.org/bugtraq/2019/Apr/32 mailing-list
    http://www.securityfocus.com/bid/108023 vdb-entry
    https://lists.apache.org/thread.html/08720ef215ee… mailing-list
    https://lists.apache.org/thread.html/b736d0784cf0… mailing-list
    https://lists.apache.org/thread.html/88fb0362fd40… mailing-list
    https://lists.apache.org/thread.html/5928aa293e39… mailing-list
    https://lists.apache.org/thread.html/6097cdbd6f0a… mailing-list
    https://lists.debian.org/debian-lts-announce/2019… mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://seclists.org/bugtraq/2019/May/18 mailing-list
    http://packetstormsecurity.com/files/152787/dotCM…
    http://seclists.org/fulldisclosure/2019/May/11 mailing-list
    http://seclists.org/fulldisclosure/2019/May/10 mailing-list
    http://seclists.org/fulldisclosure/2019/May/13 mailing-list
    https://lists.debian.org/debian-lts-announce/2019… mailing-list
    http://www.openwall.com/lists/oss-security/2019/06/03/2 mailing-list
    http://packetstormsecurity.com/files/153237/Retir…
    https://access.redhat.com/errata/RHSA-2019:1456 vendor-advisory
    https://www.debian.org/security/2019/dsa-4460 vendor-advisory
    https://seclists.org/bugtraq/2019/Jun/12 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://access.redhat.com/errata/RHBA-2019:1570 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://lists.apache.org/thread.html/ba79cf165874… mailing-list
    https://access.redhat.com/errata/RHSA-2019:2587 vendor-advisory
    https://security.netapp.com/advisory/ntap-2019091…
    https://access.redhat.com/errata/RHSA-2019:3023 vendor-advisory
    https://access.redhat.com/errata/RHSA-2019:3024 vendor-advisory
    https://lists.apache.org/thread.html/b0656d359c7d… mailing-list
    https://lists.apache.org/thread.html/519eb0fd4564… mailing-list
    https://lists.apache.org/thread.html/f9bc3e55f4e2… mailing-list
    https://lists.apache.org/thread.html/bcce5a9c532b… mailing-list
    https://www.tenable.com/security/tns-2019-08
    https://lists.apache.org/thread.html/rca37935d661… mailing-list
    https://lists.debian.org/debian-lts-announce/2020… mailing-list
    http://packetstormsecurity.com/files/156743/Octob…
    https://www.tenable.com/security/tns-2020-02
    https://lists.apache.org/thread.html/r38f0d1aa3c9… mailing-list
    https://lists.apache.org/thread.html/r7aac081cbdd… mailing-list
    https://lists.apache.org/thread.html/rac25da84ecd… mailing-list
    https://lists.apache.org/thread.html/r2041a75d3fc… mailing-list
    https://lists.apache.org/thread.html/r7e8ebccb7c0… mailing-list
    https://lists.apache.org/thread.html/r41b5bfe009c… mailing-list
    https://lists.apache.org/thread.html/r2baacab6e0a… mailing-list
    https://www.oracle.com/security-alerts/cpuapr2020.html
    https://lists.apache.org/thread.html/r7d64895cc4d… mailing-list
    https://www.oracle.com/security-alerts/cpujul2020.html
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/security-alerts/cpujan2020.html
    https://backdropcms.org/security/backdrop-sa-core…
    https://blog.jquery.com/2019/04/10/jquery-3-4-0-r…
    https://snyk.io/vuln/SNYK-JS-JQUERY-174006
    https://github.com/jquery/jquery/pull/4333
    https://github.com/jquery/jquery/commit/753d591ae…
    https://www.privacy-wise.com/mitigating-cve-2019-…
    https://www.oracle.com/security-alerts/cpuoct2020.html
    https://kb.pulsesecure.net/articles/Pulse_Securit…
    https://www.oracle.com/security-alerts/cpujan2021.html
    https://www.oracle.com/security-alerts/cpuApr2021.html
    https://www.oracle.com//security-alerts/cpujul2021.html
    https://www.oracle.com/security-alerts/cpuoct2021.html
    https://www.oracle.com/security-alerts/cpujan2022.html
    https://supportportal.juniper.net/s/article/2021-…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2019-006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
              },
              {
                "name": "DSA-4434",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4434"
              },
              {
                "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Apr/32"
              },
              {
                "name": "108023",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108023"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
              },
              {
                "name": "FEDORA-2019-eba8e44ee6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
              },
              {
                "name": "FEDORA-2019-1a3edd7e8a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
              },
              {
                "name": "FEDORA-2019-7eaf0bbe7c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
              },
              {
                "name": "FEDORA-2019-2a0ce0c58c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
              },
              {
                "name": "FEDORA-2019-a06dffab1c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
              },
              {
                "name": "FEDORA-2019-f563e66380",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
              },
              {
                "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
              },
              {
                "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/11"
              },
              {
                "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/10"
              },
              {
                "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/13"
              },
              {
                "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
              },
              {
                "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
              },
              {
                "name": "RHSA-2019:1456",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1456"
              },
              {
                "name": "DSA-4460",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4460"
              },
              {
                "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/12"
              },
              {
                "name": "openSUSE-SU-2019:1839",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
              },
              {
                "name": "RHBA-2019:1570",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2019:1570"
              },
              {
                "name": "openSUSE-SU-2019:1872",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
              },
              {
                "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
              },
              {
                "name": "RHSA-2019:2587",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2587"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
              },
              {
                "name": "RHSA-2019:3023",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3023"
              },
              {
                "name": "RHSA-2019:3024",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3024"
              },
              {
                "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
              },
              {
                "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2019-08"
              },
              {
                "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-02"
              },
              {
                "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/pull/4333"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
              },
              {
                "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-11358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T15:03:16.892088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:11:23.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T02:06:52.187Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-core-2019-006"
            },
            {
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
            },
            {
              "name": "DSA-4434",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4434"
            },
            {
              "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Apr/32"
            },
            {
              "name": "108023",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/108023"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
            },
            {
              "name": "FEDORA-2019-eba8e44ee6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
            },
            {
              "name": "FEDORA-2019-1a3edd7e8a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
            },
            {
              "name": "FEDORA-2019-7eaf0bbe7c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
            },
            {
              "name": "FEDORA-2019-2a0ce0c58c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
            },
            {
              "name": "FEDORA-2019-a06dffab1c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
            },
            {
              "name": "FEDORA-2019-f563e66380",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
            },
            {
              "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/18"
            },
            {
              "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
            },
            {
              "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/11"
            },
            {
              "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/10"
            },
            {
              "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/13"
            },
            {
              "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
            },
            {
              "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
            },
            {
              "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
            },
            {
              "name": "RHSA-2019:1456",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1456"
            },
            {
              "name": "DSA-4460",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "openSUSE-SU-2019:1839",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
            },
            {
              "name": "RHBA-2019:1570",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2019:1570"
            },
            {
              "name": "openSUSE-SU-2019:1872",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
            },
            {
              "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2587",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2587"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
            },
            {
              "name": "RHSA-2019:3023",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3023"
            },
            {
              "name": "RHSA-2019:3024",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3024"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
            },
            {
              "url": "https://www.tenable.com/security/tns-2019-08"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2020-02"
            },
            {
              "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
            },
            {
              "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
            },
            {
              "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
            },
            {
              "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
            },
            {
              "url": "https://github.com/jquery/jquery/pull/4333"
            },
            {
              "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
            },
            {
              "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
            },
            {
              "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11358",
        "datePublished": "2019-04-19T00:00:00.000Z",
        "dateReserved": "2019-04-19T00:00:00.000Z",
        "dateUpdated": "2024-11-15T15:11:23.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11022 (GCVE-0-2020-11022)

    Vulnerability from cvelistv5 – Published: 2020-04-29 00:00 – Updated: 2026-04-13 13:53
    VLAI
    Title
    jQuery has a potential XSS vulnerability
    Summary
    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://github.com/jquery/jquery/security/advisor… x_refsource_CONFIRM
    https://github.com/maximebf/php-debugbar/issues/447 x_refsource_MISC
    https://github.com/jquery/jquery/commit/1d61fd940… x_refsource_MISC
    https://github.com/maximebf/php-debugbar/commit/8… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://packetstormsecurity.com/files/162159/jQue… x_refsource_MISC
    https://security.gentoo.org/glsa/202007-03 x_refsource_MISC
    https://www.debian.org/security/2020/dsa-4693 x_refsource_MISC
    https://www.drupal.org/sa-core-2020-002 x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujan2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    https://www.tenable.com/security/tns-2020-10 x_refsource_MISC
    https://www.tenable.com/security/tns-2020-11 x_refsource_MISC
    https://www.tenable.com/security/tns-2021-02 x_refsource_MISC
    https://www.tenable.com/security/tns-2021-10 x_refsource_MISC
    https://blog.jquery.com/2020/04/10/jquery-3-5-0-r… x_refsource_MISC
    https://github.com/jquery/jquery/releases/tag/3.5.0 x_refsource_MISC
    https://github.com/rubysec/ruby-advisory-db/blob/… x_refsource_MISC
    https://jquery.com/upgrade-guide/3.5 x_refsource_MISC
    https://lists.apache.org/thread.html/r0483ba00727… x_refsource_MISC
    https://lists.apache.org/thread.html/r49ce4243b47… x_refsource_MISC
    https://lists.apache.org/thread.html/r54565a8f025… x_refsource_MISC
    https://lists.apache.org/thread.html/r564585d97bc… x_refsource_MISC
    https://lists.apache.org/thread.html/r706cfbc0984… x_refsource_MISC
    https://lists.apache.org/thread.html/r8f70b0f65d6… x_refsource_MISC
    https://lists.apache.org/thread.html/rbb448222ba6… x_refsource_MISC
    https://lists.apache.org/thread.html/rdf44341677c… x_refsource_MISC
    https://lists.apache.org/thread.html/re4ae96fa5c1… x_refsource_MISC
    https://lists.apache.org/thread.html/rede9cfaa756… x_refsource_MISC
    https://lists.apache.org/thread.html/ree3bd8ddb23… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2021… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2023… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    http://security.netapp.com/advisory/ntap-20200511-0006 x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://jquery.com/upgrade-guide/3.5/ x_transferred
    https://blog.jquery.com/2020/04/10/jquery-3-5-0-r… x_transferred
    https://security.netapp.com/advisory/ntap-2020051… x_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/rdf44341677c… mailing-listx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/r706cfbc0984… mailing-listx_transferred
    https://lists.apache.org/thread.html/rbb448222ba6… mailing-listx_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/r49ce4243b47… mailing-listx_transferred
    https://lists.apache.org/thread.html/r8f70b0f65d6… mailing-listx_transferred
    https://lists.apache.org/thread.html/r564585d97bc… mailing-listx_transferred
    https://lists.apache.org/thread.html/ree3bd8ddb23… mailing-listx_transferred
    https://lists.apache.org/thread.html/rede9cfaa756… mailing-listx_transferred
    https://lists.apache.org/thread.html/r54565a8f025… mailing-listx_transferred
    https://lists.apache.org/thread.html/re4ae96fa5c1… mailing-listx_transferred
    http://packetstormsecurity.com/files/162159/jQuer… x_transferred
    https://www.oracle.com//security-alerts/cpujul2021.html x_transferred
    https://lists.apache.org/thread.html/r0483ba00727… mailing-listx_transferred
    Impacted products
    Vendor Product Version
    jquery jQuery Affected: >= 1.12.0, < 3.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4693",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4693"
              },
              {
                "name": "FEDORA-2020-11be4b36d4",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/"
              },
              {
                "name": "FEDORA-2020-36d2db5f51",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jquery.com/upgrade-guide/3.5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2020-002"
              },
              {
                "name": "openSUSE-SU-2020:1060",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
              },
              {
                "name": "GLSA-202007-03",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-03"
              },
              {
                "name": "openSUSE-SU-2020:1106",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
              },
              {
                "name": "[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "FEDORA-2020-fbb94073a1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"
              },
              {
                "name": "FEDORA-2020-0b32a59b54",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"
              },
              {
                "name": "FEDORA-2020-fe94df8c34",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "openSUSE-SU-2020:1888",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
              },
              {
                "name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-10"
              },
              {
                "name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
              },
              {
                "name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jQuery",
              "vendor": "jquery",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.12.0, \u003c 3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T13:53:08.239Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
            },
            {
              "name": "https://github.com/maximebf/php-debugbar/issues/447",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/maximebf/php-debugbar/issues/447"
            },
            {
              "name": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
            },
            {
              "name": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
            },
            {
              "name": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
            },
            {
              "name": "https://security.gentoo.org/glsa/202007-03",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.gentoo.org/glsa/202007-03"
            },
            {
              "name": "https://www.debian.org/security/2020/dsa-4693",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4693"
            },
            {
              "name": "https://www.drupal.org/sa-core-2020-002",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.drupal.org/sa-core-2020-002"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2020-10"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-11",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2020-11"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-02",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2021-02"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2021-10"
            },
            {
              "name": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
            },
            {
              "name": "https://github.com/jquery/jquery/releases/tag/3.5.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/releases/tag/3.5.0"
            },
            {
              "name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml"
            },
            {
              "name": "https://jquery.com/upgrade-guide/3.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jquery.com/upgrade-guide/3.5"
            },
            {
              "name": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B"
            },
            {
              "name": "http://security.netapp.com/advisory/ntap-20200511-0006",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.netapp.com/advisory/ntap-20200511-0006"
            }
          ],
          "source": {
            "advisory": "GHSA-gxr4-xjj5-5px2",
            "discovery": "UNKNOWN"
          },
          "title": "jQuery has a potential XSS vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-11022",
        "datePublished": "2020-04-29T00:00:00.000Z",
        "dateReserved": "2020-03-30T00:00:00.000Z",
        "dateUpdated": "2026-04-13T13:53:08.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-9488 (GCVE-0-2020-9488)

    Vulnerability from cvelistv5 – Published: 2020-04-27 15:36 – Updated: 2026-05-29 16:07
    VLAI
    Summary
    Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Validation of Certificate with Host Mismatch
    • CWE-295 - Improper Certificate Validation
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/r8c001b9a95c… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r2f209d27134… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r7641ee788e1… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd8e87c4d69d… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4285398e558… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r0df3d7a5acb… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r7e739f29617… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r9a79175c393… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rbc45eb0f53f… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rec34b1cccf9… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r48efc7cb5ae… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd55f65c6822… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rc6b81c01361… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r7e5c10534ed… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r8e96c340004… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rf1c2a81a080… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r0a2699f7241… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r48bcd06049c… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://issues.apache.org/jira/browse/LOG4J2-2819 x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2020050… x_refsource_CONFIRM
    https://lists.apache.org/thread.html/r393943de452… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://lists.apache.org/thread.html/r1fc73f0e16e… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/ra632b329b2a… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4ed1f49616a… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4db540cafc5… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r9776e71e3c6… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r65578f3761a… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd0e44e8ef71… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
    https://lists.apache.org/thread.html/re024d86dffa… x_refsource_MISC
    https://lists.apache.org/thread.html/rbc7642b9800… x_refsource_MISC
    https://lists.apache.org/thread.html/r3d1d00441c5… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rc2dbc4633a6… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rd5d58088812… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r33864a0fc17… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r4d5dc9f3520… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r22a56beb76d… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r5a68258e5ab… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/ra051e07a0ee… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rf9fa47ab664… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r45916179811… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://lists.apache.org/thread.html/r2721aba31a8… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    https://www.debian.org/security/2021/dsa-5020 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2021… mailing-listx_refsource_MLIST
    https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    Apache Apache Log4j Affected: log4j-core 2.13.0
    Affected: log4j-core , < 2.12.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:26:16.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "name": "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/jira/browse/LOG4J2-2819"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200504-0003/"
              },
              {
                "name": "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "name": "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E"
              },
              {
                "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "name": "[kafka-users] 20210617 vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "name": "DSA-5020",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-5020"
              },
              {
                "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.7,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-9488",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T16:07:49.364275Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T16:07:52.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Log4j",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "log4j-core 2.13.0"
                },
                {
                  "lessThan": "2.12.3",
                  "status": "affected",
                  "version": "log4j-core",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Validation of Certificate with Host Mismatch",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-19T23:23:40.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.apache.org/jira/browse/LOG4J2-2819"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200504-0003/"
            },
            {
              "name": "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "[kafka-users] 20210617 vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "DSA-5020",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-5020"
            },
            {
              "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2020-9488",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Log4j",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "log4j-core",
                                "version_value": "2.12.3"
                              },
                              {
                                "version_affected": "=",
                                "version_name": "log4j-core",
                                "version_value": "2.13.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Validation of Certificate with Host Mismatch"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6@%3Cdev.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05@%3Cdev.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3@%3Ccommits.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f@%3Ccommits.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3Ccommits.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20@%3Cdev.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463@%3Cjira.kafka.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://issues.apache.org/jira/browse/LOG4J2-2819",
                  "refsource": "CONFIRM",
                  "url": "https://issues.apache.org/jira/browse/LOG4J2-2819"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200504-0003/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200504-0003/"
                },
                {
                  "name": "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f@%3Cdev.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E"
                },
                {
                  "name": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b@%3Cdev.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75@%3Cissues.hive.apache.org%3E"
                },
                {
                  "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
                },
                {
                  "name": "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                  "name": "[kafka-users] 20210617 vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                  "name": "DSA-5020",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-5020"
                },
                {
                  "name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2020-9488",
        "datePublished": "2020-04-27T15:36:10.000Z",
        "dateReserved": "2020-03-01T00:00:00.000Z",
        "dateUpdated": "2026-05-29T16:07:52.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-11112 (GCVE-0-2020-11112)

    Vulnerability from cvelistv5 – Published: 2020-03-31 04:37 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:42.504958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:17.235Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.621Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:49.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-11112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2666",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-11112",
        "datePublished": "2020-03-31T04:37:41.000Z",
        "dateReserved": "2020-03-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11113 (GCVE-0-2020-11113)

    Vulnerability from cvelistv5 – Published: 2020-03-31 04:37 – Updated: 2025-08-27 20:32
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    fasterxml jackson-databind Affected: 0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
    Create a notification for this product.
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11113",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:43.551763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:51.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.618Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:50.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-11113",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2670",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-11113",
        "datePublished": "2020-03-31T04:37:27.000Z",
        "dateReserved": "2020-03-31T00:00:00.000Z",
        "dateUpdated": "2025-08-27T20:32:51.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10968 (GCVE-0-2020-10968)

    Vulnerability from cvelistv5 – Published: 2020-03-26 12:43 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:46.867668Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:57:31.283Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:43.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10968",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2662",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10968",
        "datePublished": "2020-03-26T12:43:45.000Z",
        "dateReserved": "2020-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:14.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10969 (GCVE-0-2020-10969)

    Vulnerability from cvelistv5 – Published: 2020-03-26 12:43 – Updated: 2024-08-04 11:21
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:45.779442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:58:54.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:13.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:44.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10969",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2642",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10969",
        "datePublished": "2020-03-26T12:43:34.000Z",
        "dateReserved": "2020-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:21:13.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10672 (GCVE-0-2020-10672)

    Vulnerability from cvelistv5 – Published: 2020-03-18 21:17 – Updated: 2024-08-04 11:06
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10672",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:48.872316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T19:56:32.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:06:11.143Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:38.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10672",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2659",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10672",
        "datePublished": "2020-03-18T21:17:43.000Z",
        "dateReserved": "2020-03-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:06:11.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10673 (GCVE-0-2020-10673)

    Vulnerability from cvelistv5 – Published: 2020-03-18 21:17 – Updated: 2025-08-27 20:32
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    debian debian_linux Affected: 8.0
        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Create a notification for this product.
    netapp steelstore_cloud_integrated_storage Affected: *
        cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle agile_plm Affected: 9.3.6
        cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle autovue_for_agile_product_lifecycle_management Affected: 21.0.2
        cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle banking_digital_experience Affected: 18.1 , ≤ 18.3 (custom)
    Affected: 19.1 , ≤ 19.2 (custom)
    Affected: 20.1
    Affected: 2.4.0 , ≤ 2.9.0 (custom)
        cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_calendar_server Affected: 8.0.0.4.0 , ≤ 8.0.0.5.0 (custom)
        cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_diameter_signaling_router Affected: 8.0.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_element_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_evolved_communications_application_server Affected: 7.1
        cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_instant_messaging_server Affected: 10.0.1.4.0
        cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 6.0.1
        cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_network_charging_and_control Affected: 12.0.0 , ≤ 12.0.3 (custom)
        cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle communications_session_route_manager Affected: 8.2.0 , ≤ 8.2.2 (custom)
        cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle enterprise_manager_base_platform Affected: 13.3.0.0 , ≤ 13.4.0.0 (custom)
        cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_analytical_applications_infrastructure Affected: 8.0.6 , ≤ 8.1.0 (custom)
        cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_institutional_performance_analytics Affected: 8.0.6
    Affected: 8.0.7
    Affected: 8.1.0
        cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_price_creation_and_discovery Affected: 8.0.6 , ≤ 8.0.7 (custom)
        cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle financial_services_retail_customer_analytics Affected: 8.0.6
        cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle global_lifecycle_management_opatch Affected: 0 , ≤ 12.2.0.1.20 (custom)
        cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle insurance_policy_administration_j2ee Affected: 11.0.2.25 , < 11.1.0.15 (custom)
        cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle jd_edwards_enterpriseone_orchestrator Affected: 0 , ≤ 9.2.4.2 (custom)
        cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle primavera_unifier Affected: 16.1
    Affected: 16.2
    Affected: 17.7 , ≤ 17.12 (custom)
    Affected: 18.8
    Affected: 19.12
        cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_merchandising_system Affected: 15.0
        cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_sales_audit Affected: 14.1
        cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_service_backbone Affected: 14.1
    Affected: 15.0
    Affected: 16.0
        cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle retail_xstore_point_of_service Affected: 15.0 , ≤ 19.0 (custom)
        cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
    Create a notification for this product.
    oracle weblogic_server Affected: 12.2.1.3.0 , ≤ 12.2.1.4.0 (custom)
        cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    fasterxml jackson-databind Affected: 2.0.0 , < 2.9.10.4 (custom)
        cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "debian_linux",
                "vendor": "debian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "steelstore_cloud_integrated_storage",
                "vendor": "netapp",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "agile_plm",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "9.3.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "autovue_for_agile_product_lifecycle_management",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "21.0.2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "banking_digital_experience",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "18.3",
                    "status": "affected",
                    "version": "18.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "19.2",
                    "status": "affected",
                    "version": "19.1",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "20.1"
                  },
                  {
                    "lessThanOrEqual": "2.9.0",
                    "status": "affected",
                    "version": "2.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_calendar_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.0.5.0",
                    "status": "affected",
                    "version": "8.0.0.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_diameter_signaling_router",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_element_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_evolved_communications_application_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_instant_messaging_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0.1.4.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.0.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_network_charging_and_control",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.3",
                    "status": "affected",
                    "version": "12.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "communications_session_route_manager",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.2",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_manager_base_platform",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "13.4.0.0",
                    "status": "affected",
                    "version": "13.3.0.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_analytical_applications_infrastructure",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.1.0",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_institutional_performance_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  },
                  {
                    "status": "affected",
                    "version": "8.0.7"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_price_creation_and_discovery",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "8.0.7",
                    "status": "affected",
                    "version": "8.0.6",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "financial_services_retail_customer_analytics",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "global_lifecycle_management_opatch",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.0.1.20",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "insurance_policy_administration_j2ee",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThan": "11.1.0.15",
                    "status": "affected",
                    "version": "11.0.2.25",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jd_edwards_enterpriseone_orchestrator",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "primavera_unifier",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.1"
                  },
                  {
                    "status": "affected",
                    "version": "16.2"
                  },
                  {
                    "lessThanOrEqual": "17.12",
                    "status": "affected",
                    "version": "17.7",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "18.8"
                  },
                  {
                    "status": "affected",
                    "version": "19.12"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_merchandising_system",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_sales_audit",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_service_backbone",
                "vendor": "oracle",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.1"
                  },
                  {
                    "status": "affected",
                    "version": "15.0"
                  },
                  {
                    "status": "affected",
                    "version": "16.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "retail_xstore_point_of_service",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "19.0",
                    "status": "affected",
                    "version": "15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "weblogic_server",
                "vendor": "oracle",
                "versions": [
                  {
                    "lessThanOrEqual": "12.2.1.4.0",
                    "status": "affected",
                    "version": "12.2.1.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jackson-databind",
                "vendor": "fasterxml",
                "versions": [
                  {
                    "lessThan": "2.9.10.4",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-10673",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-25T04:00:47.873963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:51.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:06:10.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:38:39.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-10673",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2660",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-10673",
        "datePublished": "2020-03-18T21:17:26.000Z",
        "dateReserved": "2020-03-18T00:00:00.000Z",
        "dateUpdated": "2025-08-27T20:32:51.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9546 (GCVE-0-2020-9546)

    Vulnerability from cvelistv5 – Published: 2020-03-02 03:59 – Updated: 2024-08-04 10:34
    VLAI
    Summary
    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:34:39.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
              },
              {
                "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
              },
              {
                "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-20T10:40:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-9546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
                },
                {
                  "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E"
                },
                {
                  "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
                  "refsource": "MISC",
                  "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://github.com/FasterXML/jackson-databind/issues/2631",
                  "refsource": "MISC",
                  "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
                },
                {
                  "name": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E"
                },
                {
                  "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200904-0006/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-9546",
        "datePublished": "2020-03-02T03:59:18.000Z",
        "dateReserved": "2020-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:34:39.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11358 (GCVE-0-2019-11358)

    Vulnerability from cvelistv5 – Published: 2019-04-19 00:00 – Updated: 2024-11-15 15:11
    VLAI
    Summary
    jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.drupal.org/sa-core-2019-006
    https://www.synology.com/security/advisory/Synolo…
    https://www.debian.org/security/2019/dsa-4434 vendor-advisory
    https://seclists.org/bugtraq/2019/Apr/32 mailing-list
    http://www.securityfocus.com/bid/108023 vdb-entry
    https://lists.apache.org/thread.html/08720ef215ee… mailing-list
    https://lists.apache.org/thread.html/b736d0784cf0… mailing-list
    https://lists.apache.org/thread.html/88fb0362fd40… mailing-list
    https://lists.apache.org/thread.html/5928aa293e39… mailing-list
    https://lists.apache.org/thread.html/6097cdbd6f0a… mailing-list
    https://lists.debian.org/debian-lts-announce/2019… mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://seclists.org/bugtraq/2019/May/18 mailing-list
    http://packetstormsecurity.com/files/152787/dotCM…
    http://seclists.org/fulldisclosure/2019/May/11 mailing-list
    http://seclists.org/fulldisclosure/2019/May/10 mailing-list
    http://seclists.org/fulldisclosure/2019/May/13 mailing-list
    https://lists.debian.org/debian-lts-announce/2019… mailing-list
    http://www.openwall.com/lists/oss-security/2019/06/03/2 mailing-list
    http://packetstormsecurity.com/files/153237/Retir…
    https://access.redhat.com/errata/RHSA-2019:1456 vendor-advisory
    https://www.debian.org/security/2019/dsa-4460 vendor-advisory
    https://seclists.org/bugtraq/2019/Jun/12 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://access.redhat.com/errata/RHBA-2019:1570 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://lists.apache.org/thread.html/ba79cf165874… mailing-list
    https://access.redhat.com/errata/RHSA-2019:2587 vendor-advisory
    https://security.netapp.com/advisory/ntap-2019091…
    https://access.redhat.com/errata/RHSA-2019:3023 vendor-advisory
    https://access.redhat.com/errata/RHSA-2019:3024 vendor-advisory
    https://lists.apache.org/thread.html/b0656d359c7d… mailing-list
    https://lists.apache.org/thread.html/519eb0fd4564… mailing-list
    https://lists.apache.org/thread.html/f9bc3e55f4e2… mailing-list
    https://lists.apache.org/thread.html/bcce5a9c532b… mailing-list
    https://www.tenable.com/security/tns-2019-08
    https://lists.apache.org/thread.html/rca37935d661… mailing-list
    https://lists.debian.org/debian-lts-announce/2020… mailing-list
    http://packetstormsecurity.com/files/156743/Octob…
    https://www.tenable.com/security/tns-2020-02
    https://lists.apache.org/thread.html/r38f0d1aa3c9… mailing-list
    https://lists.apache.org/thread.html/r7aac081cbdd… mailing-list
    https://lists.apache.org/thread.html/rac25da84ecd… mailing-list
    https://lists.apache.org/thread.html/r2041a75d3fc… mailing-list
    https://lists.apache.org/thread.html/r7e8ebccb7c0… mailing-list
    https://lists.apache.org/thread.html/r41b5bfe009c… mailing-list
    https://lists.apache.org/thread.html/r2baacab6e0a… mailing-list
    https://www.oracle.com/security-alerts/cpuapr2020.html
    https://lists.apache.org/thread.html/r7d64895cc4d… mailing-list
    https://www.oracle.com/security-alerts/cpujul2020.html
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/security-alerts/cpujan2020.html
    https://backdropcms.org/security/backdrop-sa-core…
    https://blog.jquery.com/2019/04/10/jquery-3-4-0-r…
    https://snyk.io/vuln/SNYK-JS-JQUERY-174006
    https://github.com/jquery/jquery/pull/4333
    https://github.com/jquery/jquery/commit/753d591ae…
    https://www.privacy-wise.com/mitigating-cve-2019-…
    https://www.oracle.com/security-alerts/cpuoct2020.html
    https://kb.pulsesecure.net/articles/Pulse_Securit…
    https://www.oracle.com/security-alerts/cpujan2021.html
    https://www.oracle.com/security-alerts/cpuApr2021.html
    https://www.oracle.com//security-alerts/cpujul2021.html
    https://www.oracle.com/security-alerts/cpuoct2021.html
    https://www.oracle.com/security-alerts/cpujan2022.html
    https://supportportal.juniper.net/s/article/2021-…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2019-006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
              },
              {
                "name": "DSA-4434",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4434"
              },
              {
                "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Apr/32"
              },
              {
                "name": "108023",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108023"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
              },
              {
                "name": "FEDORA-2019-eba8e44ee6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
              },
              {
                "name": "FEDORA-2019-1a3edd7e8a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
              },
              {
                "name": "FEDORA-2019-7eaf0bbe7c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
              },
              {
                "name": "FEDORA-2019-2a0ce0c58c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
              },
              {
                "name": "FEDORA-2019-a06dffab1c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
              },
              {
                "name": "FEDORA-2019-f563e66380",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
              },
              {
                "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
              },
              {
                "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/11"
              },
              {
                "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/10"
              },
              {
                "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/13"
              },
              {
                "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
              },
              {
                "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
              },
              {
                "name": "RHSA-2019:1456",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1456"
              },
              {
                "name": "DSA-4460",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4460"
              },
              {
                "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/12"
              },
              {
                "name": "openSUSE-SU-2019:1839",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
              },
              {
                "name": "RHBA-2019:1570",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2019:1570"
              },
              {
                "name": "openSUSE-SU-2019:1872",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
              },
              {
                "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
              },
              {
                "name": "RHSA-2019:2587",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2587"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
              },
              {
                "name": "RHSA-2019:3023",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3023"
              },
              {
                "name": "RHSA-2019:3024",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3024"
              },
              {
                "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
              },
              {
                "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2019-08"
              },
              {
                "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-02"
              },
              {
                "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/pull/4333"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
              },
              {
                "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-11358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T15:03:16.892088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:11:23.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T02:06:52.187Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-core-2019-006"
            },
            {
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
            },
            {
              "name": "DSA-4434",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4434"
            },
            {
              "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Apr/32"
            },
            {
              "name": "108023",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/108023"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
            },
            {
              "name": "FEDORA-2019-eba8e44ee6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
            },
            {
              "name": "FEDORA-2019-1a3edd7e8a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
            },
            {
              "name": "FEDORA-2019-7eaf0bbe7c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
            },
            {
              "name": "FEDORA-2019-2a0ce0c58c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
            },
            {
              "name": "FEDORA-2019-a06dffab1c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
            },
            {
              "name": "FEDORA-2019-f563e66380",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
            },
            {
              "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/18"
            },
            {
              "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
            },
            {
              "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/11"
            },
            {
              "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/10"
            },
            {
              "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/13"
            },
            {
              "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
            },
            {
              "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
            },
            {
              "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
            },
            {
              "name": "RHSA-2019:1456",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1456"
            },
            {
              "name": "DSA-4460",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "openSUSE-SU-2019:1839",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
            },
            {
              "name": "RHBA-2019:1570",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2019:1570"
            },
            {
              "name": "openSUSE-SU-2019:1872",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
            },
            {
              "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2587",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2587"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
            },
            {
              "name": "RHSA-2019:3023",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3023"
            },
            {
              "name": "RHSA-2019:3024",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3024"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
            },
            {
              "url": "https://www.tenable.com/security/tns-2019-08"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2020-02"
            },
            {
              "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
            },
            {
              "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
            },
            {
              "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
            },
            {
              "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
            },
            {
              "url": "https://github.com/jquery/jquery/pull/4333"
            },
            {
              "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
            },
            {
              "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
            },
            {
              "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11358",
        "datePublished": "2019-04-19T00:00:00.000Z",
        "dateReserved": "2019-04-19T00:00:00.000Z",
        "dateUpdated": "2024-11-15T15:11:23.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }