CVE-2020-36182

Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.0.0 through 2.9.10.7 FasterXML jackson-databind versions 2.6.0 through 2.6.7.4

Description The issue is related to the interaction between serialization gadgets and typing, specifically with the org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS component. This can lead to the exploitation of the vulnerability, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For FasterXML jackson-databind versions 2.0.0 through 2.9.10.7, update to version 2.9.10.8 or later. For FasterXML jackson-databind versions 2.6.0 through 2.6.7.4, update to version 2.6.7.5 or later. As a temporary workaround, consider disabling the use of the org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS component until a patch is available.