CVE-2020-10969

Priority
Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to
javax.swing.JEditorPane.
Notes
sbeattie: Debian notes that "starting from 2.10 series mitigated as
Safe Default Typing is enabled by default but still an issue when
Default Typing is enabled."
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Ubuntu 19.10 (Eoan Ermine): needs-triage
Ubuntu 20.04 (Focal Fossa): needs-triage

Updated: 2020-04-24 03:58:47 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)