DEBIAN-CVE-2021-20190

DEBIAN-CVE-2021-20190 PUBLISHED CVSS 8.100000381469727 HIGH

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Risk Scores

CVSS 3.1

8.100000381469727

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:12	jackson-databind	0, 0, 0
Debian:14	jackson-databind	0, 0, 0
Debian:11	jackson-databind	0, 0, 0
Debian:13	jackson-databind	0, 0, 0

Timeline

Jan 19, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-20190 advisory

Open in Interactive Console →