CVE-2020-11113 (CNNVD-202003-1735)

HIGH
中文标题:
FasterXML jackson-databind 代码问题漏洞
英文标题:
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg...
CVSS分数: 8.8
发布时间: 2020-03-31 04:37:27
漏洞类型: 代码问题
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

FasterXML jackson-databind是FasterXML公司的一个基于JAVA可以将XML和JSON等数据格式与JAVA对象进行转换的库。Jackson可以轻松的将Java对象转换成json对象和xml文档,同样也可以将json、xml转换成Java对象。 FasterXML jackson-databind 2.9.10.4之前的2.x 版本中存在代码问题漏洞,该漏洞源于错误处理了序列化小工具和类型之间的交互。

英文描述:

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

CWE类型:
CWE-502
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
fasterxml jackson-databind - - - cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
debian debian_linux 8.0 - - cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
netapp steelstore_cloud_integrated_storage - - - cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
oracle agile_plm 9.3.6 - - cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
oracle autovue_for_agile_product_lifecycle_management 21.0.2 - - cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*
oracle banking_digital_experience - - - cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
oracle communications_calendar_server 8.0.0.4.0 - - cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*
oracle communications_diameter_signaling_router - - - cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*
oracle communications_element_manager - - - cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
oracle communications_evolved_communications_application_server 7.1 - - cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
oracle communications_instant_messaging_server 10.0.1.4.0 - - cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*
oracle communications_network_charging_and_control 6.0.1 - - cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*
oracle communications_network_charging_and_control 12.0.0 - - cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*
oracle communications_session_route_manager - - - cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*
oracle enterprise_manager_base_platform 13.3.0.0 - - cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
oracle financial_services_analytical_applications_infrastructure 8.0.6 - - cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
oracle financial_services_institutional_performance_analytics 8.0.6 - - cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
oracle financial_services_price_creation_and_discovery 8.0.6 - - cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
oracle financial_services_retail_customer_analytics 8.0.6 - - cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*
oracle global_lifecycle_management_opatch - - - cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
oracle insurance_policy_administration_j2ee - - - cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*
oracle jd_edwards_enterpriseone_orchestrator - - - cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*
oracle primavera_unifier - - - cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
oracle retail_merchandising_system 15.0 - - cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*
oracle retail_sales_audit 14.1 - - cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*
oracle retail_service_backbone - - - cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 15.0 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
oracle weblogic_server - - - cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*
fasterxml jackson-databind * - - cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
oracle banking_digital_experience 18.1 - - cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
oracle banking_digital_experience 18.2 - - cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
oracle banking_digital_experience 18.3 - - cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
oracle banking_digital_experience 19.1 - - cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
oracle banking_digital_experience 19.2 - - cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
oracle banking_digital_experience 20.1 - - cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
oracle banking_platform * - - cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*
oracle communications_contacts_server 8.0.0.5.0 - - cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*
oracle communications_diameter_signaling_router * - - cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
oracle communications_element_manager * - - cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
oracle communications_network_charging_and_control * - - cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*
oracle communications_session_report_manager * - - cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
oracle communications_session_route_manager * - - cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
oracle enterprise_manager_base_platform 13.4.0.0 - - cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
oracle financial_services_analytical_applications_infrastructure * - - cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
oracle financial_services_institutional_performance_analytics 8.0.7 - - cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
oracle financial_services_institutional_performance_analytics 8.1.0 - - cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
oracle financial_services_price_creation_and_discovery 8.0.7 - - cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
oracle global_lifecycle_management_opatch * - - cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
oracle insurance_policy_administration_j2ee 11.0.2.25 - - cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*
oracle insurance_policy_administration_j2ee 11.1.0.15 - - cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*
oracle jd_edwards_enterpriseone_orchestrator * - - cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
oracle jd_edwards_enterpriseone_tools * - - cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
oracle primavera_unifier * - - cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
oracle primavera_unifier 16.1 - - cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
oracle primavera_unifier 16.2 - - cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
oracle primavera_unifier 18.8 - - cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
oracle primavera_unifier 19.12 - - cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
oracle retail_service_backbone 14.1 - - cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
oracle retail_service_backbone 15.0 - - cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
oracle retail_service_backbone 16.0 - - cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 16.0 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 17.0 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 18.0 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
oracle retail_xstore_point_of_service 19.0 - - cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*
oracle webcenter_portal 12.2.1.3.0 - - cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
oracle webcenter_portal 12.2.1.4.0 - - cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
oracle weblogic_server 12.2.1.3.0 - - cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
oracle weblogic_server 12.2.1.4.0 - - cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update mailing-list
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
CVSS评分详情
3.1 (adp)
HIGH
8.8
CVSS向量: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
机密性
HIGH
完整性
HIGH
可用性
HIGH
时间信息
发布时间:
2020-03-31 04:37:27
修改时间:
2025-08-27 20:32:51
创建时间:
2025-11-11 15:35:58
更新时间:
2025-11-11 15:55:36
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2020-11113 2025-11-11 15:20:20 2025-11-11 07:35:58
NVD nvd_CVE-2020-11113 2025-11-11 14:56:57 2025-11-11 07:44:26
CNNVD cnnvd_CNNVD-202003-1735 2025-11-11 15:10:24 2025-11-11 07:55:36
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:55:36
vulnerability_type: 未提取 → 代码问题; cnnvd_id: 未提取 → CNNVD-202003-1735; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 代码问题
  • cnnvd_id: 未提取 -> CNNVD-202003-1735
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:44:26
affected_products_count: 39 → 68; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • affected_products_count: 39 -> 68
  • data_sources: ['cve'] -> ['cve', 'nvd']