PT-2020-5476

Published: 2020-01-31 · Updated: 2025-07-10 · CVE-2020-10969

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.4
Description: The issue is a deserialization of untrusted data in memory, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. It is caused by the mishandling of the interaction between serialization gadgets and polymorphic typing, related to javax.swing.JEditorPane.
Recommendations: For FasterXML jackson-databind versions 2.x before 2.9.10.4, update to version 2.9.10.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of serialization gadgets and polymorphic typing related to javax.swing.JEditorPane to minimize the risk of exploitation.
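An added configuration example, not taken from this advisory or from the jackson-databind project, showing the weak default-typing setting that this class of gadget issue depends on beside a hardened allowlist configuration. It assumes jackson-databind 2.10 or later (the activateDefaultTyping / PolymorphicTypeValidator API) and a hypothetical application package com.example.model.

```java
import java.io.IOException;

import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class PolymorphicTypingCheck {

    // Weak: global default typing with no validator. Any class name in the
    // input is a candidate for instantiation (API deprecated since 2.10).
    @SuppressWarnings("deprecation")
    static ObjectMapper weakMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    // Hardened: default typing only through an explicit allowlist validator,
    // so type ids outside the application's own package are refused.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType("com.example.model.") // hypothetical app package
                .build();
        ObjectMapper mapper = new ObjectMapper();
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    // Returns true when the mapper refuses a type id that is not allowlisted.
    static boolean rejectsUnlistedType(ObjectMapper mapper) throws IOException {
        // Constructed input: a benign JDK class name outside com.example.model,
        // written in the "[type id, value]" form default typing expects.
        String json = "[\"java.util.HashMap\", {}]";
        try {
            mapper.readValue(json, Object.class);
            return false; // the mapper instantiated whatever the input named
        } catch (JsonMappingException e) {
            return true;  // the validator denied the type id
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println("weak rejects unlisted type: "
                + rejectsUnlistedType(weakMapper()));      // false
        System.out.println("hardened rejects unlisted type: "
                + rejectsUnlistedType(hardenedMapper()));  // true
    }
}
```

Use the hardened form (or leave default typing off entirely) with the patched library; the allowlist limits which classes the mapper will resolve from type ids in the input, independent of which gadget classes are present on the classpath.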

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

ALT-PU-2021-1792
BDU:2021-00771
CVE-2020-10969
DLA-2179-1
GHSA-758M-V56V-GRJ4
MGASA-2021-0153
RHSA-2020:1523
RHSA-2020:4366
ROSA-SA-2025-2629
USN-4813-1

Affected Products

Alt Linux
Jeditorpane
Red Os
Ubuntu
Jackson-Databind