VDB
BIT-nifi-2021-20190
BIT-nifi-2021-20190
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Risk Scores
CVSS v3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | nifi | 1.7.0, 1.7.0, 1.7.0 |
Timeline
- Sep 12, 2025 CVE Published
- Sep 15, 2025 CVE Updated
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1916633 url
- https://github.com/FasterXML/jackson-databind/issues/2854 url
- https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E url
- https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html url
- https://nvd.nist.gov/vuln/detail/CVE-2021-20190 url
- https://security.netapp.com/advisory/ntap-20210219-0008/ url
- https://www.oracle.com//security-alerts/cpujul2021.html url