Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-14061

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/Fas...
MISC: https://medium.com/@co...
CONFIRM: https://security.netap...
MLIST: [debian-lts-announce] ...
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...

Launchpad.net

CVE 2020-14061

Related bugs

References