CVE
CVE-2020-24616
Code Injection in jackson-databind
This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
Endor Patches
Patch Name
Vulnerabilities fixed
Lines of Code Changed