CVE-2020-11112

Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.x before 2.9.10.4

Description The issue is related to the interaction between serialization gadgets and typing, specifically with the org.apache.commons.proxy.provider.remoting.RmiProvider component. This can lead to the exploitation of the vulnerability, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is associated with the mishandling of data deserialization.

Recommendations For FasterXML jackson-databind versions 2.x before 2.9.10.4, update to version 2.9.10.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the org.apache.commons.proxy.provider.remoting.RmiProvider component until a patch is applied.