VDB
CVE-2021-20190
CVE-2021-20190
PUBLISHED
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
EPSS 0.50% · 66.4th percentile
Risk Scores
EPSS Score
0.50%
66.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | nifi | 1.7.0 |
| Bitnami | nifi | 1.7.0 |
Timeline
- Jan 19, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Apr 27, 2021 EPSS Score
- Jul 21, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1916633 url
- https://github.com/FasterXML/jackson-databind/issues/2854 url
- https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E url
- https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html url
- https://nvd.nist.gov/vuln/detail/CVE-2021-20190 url
- https://security.netapp.com/advisory/ntap-20210219-0008/ url
- https://www.oracle.com//security-alerts/cpujul2021.html url
- Multiples vulnérabilités dans les produits Splunk advisory