DEBIAN-CVE-2020-25649

DEBIAN-CVE-2020-25649 PUBLISHED CVSS 7.5 HIGH

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:14	jackson-databind	0, 0, 0
Debian:12	jackson-databind	0, 0, 0
Debian:13	jackson-databind	0, 0, 0
Debian:11	jackson-databind	0, 0, 0

Timeline

Dec 3, 2020 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-25649 advisory

Open in Interactive Console →