Block one more gadget type (javax.swing, CVE-2020-20190)

Another gadget type(s) has been reported regarding a class(es) of JDK Swing.

See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Mitre id: CVE-2021-20190 (see https://nvd.nist.gov/vuln/detail/CVE-2021-20190)
Reporter(s): Yangkun(ICSL)

Fix is be included in:

* 2.9.10.7 (released 02-Dec-2020)
* 2.6.7.5 (released 22-Jun-2021)
* Not considered valid CVE for Jackson 2.10.0 and later (see https://medium.com/@cowtowncoder/jackson-2-10-safe-default-typing-2d018f0ce2ba)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Block one more gadget type (javax.swing, CVE-2020-20190) #2854

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Block one more gadget type (javax.swing, CVE-2020-20190) #2854

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions