PT-2020-5468 · Fasterxml+3 · Jackson-Databind+3

Published 2020-01-31 · Updated 2025-07-10 · CVE-2020-10968

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x prior to 2.9.10.4

Description: The issue concerns the interaction between serialization gadgets and typing in the FasterXML jackson-databind library, specifically involving the org.aoju.bus.proxy.provider.remoting.RmiProvider class (from the library also known as bus-proxy). Deserializing untrusted data that references this component can lead to unauthorized access to and manipulation of sensitive information. The vulnerability can be exploited remotely and may affect the confidentiality, integrity, and availability of protected information.

Recommendations: For FasterXML jackson-databind versions 2.x prior to 2.9.10.4, update to version 2.9.10.4 or later. As a temporary workaround until the patch is applied, restrict use of the org.aoju.bus.proxy.provider.remoting.RmiProvider component, and avoid it entirely in sensitive environments until the issue is fully resolved.
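As an added illustration (not code from this advisory or from the Jackson project), the global default-typing setting that lets any class name on the classpath act as a type id, beside the allowlisted configuration that rejects unexpected type ids such as the gadget class named above. It assumes jackson-databind 2.10 or later, where activateDefaultTyping and PolymorphicTypeValidator exist; the Greeting class and the two JSON inputs are constructed for the example.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class DefaultTypingHardening {

    // Hypothetical application type: the only subtype we ever expect in input.
    public static class Greeting {
        public String text;
    }

    // Weak: every class name carried in a type id is resolved and instantiated,
    // which is what turns a gadget class on the classpath into a sink.
    // enableDefaultTyping() is deprecated since 2.10 for exactly this reason.
    @SuppressWarnings("deprecation")
    static ObjectMapper weakMapper() {
        return new ObjectMapper().enableDefaultTyping();
    }

    // Hardened: default typing only honours type ids that pass an explicit
    // allowlist; every other class name is rejected instead of instantiated.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(Greeting.class)
                .build();
        return new ObjectMapper().activateDefaultTyping(
                ptv, ObjectMapper.DefaultTyping.NON_FINAL);
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs in Jackson's default wrapper-array form: one
        // legitimate, one naming a type the application never expects
        // (a harmless JDK class stands in for a gadget class).
        String ok = "[\"" + Greeting.class.getName() + "\",{\"text\":\"hi\"}]";
        String unexpected = "[\"java.util.HashMap\",{}]";

        ObjectMapper hardened = hardenedMapper();
        Object g = hardened.readValue(ok, Object.class);
        System.out.println("accepted: " + g.getClass().getName());

        try {
            hardened.readValue(unexpected, Object.class);
            System.out.println("unexpectedly accepted");
        } catch (InvalidTypeIdException e) {
            // The validator denies the id before the object is built.
            System.out.println("rejected type id: " + e.getTypeId());
        }
    }
}
```

Upgrading to 2.9.10.4 only adds this particular gadget to Jackson's blocklist; the allowlist above is what keeps the next gadget class from being honoured.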

Exploit

Fix

DoS

Deserialization of Untrusted Data


Weakness Enumeration

Related Identifiers

ALT-PU-2021-1792
BDU:2021-00725
CVE-2020-10968
DLA-2179-1
GHSA-RF6R-2C4Q-2VWG
MGASA-2021-0153
RHSA-2020:1523
RHSA-2020:4366
ROSA-SA-2025-2629
USN-4813-1

Affected Products

Alt Linux
Red Os
Ubuntu
Jackson-Databind