CVE

GHSA-qq48-m4jx-xqh8

"Deserialization errors in MyBatis"

Back to all

CVE

GHSA-qq48-m4jx-xqh8

"Deserialization errors in MyBatis"

MyBatis before 3.5.6 mishandles deserialization of object streams leading to potential cache poisoning.

Package Versions Affected

org.mybatis:mybatis 3.5.5

Available

Unavailable

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

8.1

3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1

3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-26945, https://github.com/mybatis/mybatis-3/pull/2079, https://github.com/mybatis/mybatis-3/releases/tag/mybatis-3.5.6

Severity

8.1

CVSS Score

Basic Information

Ecosystem

Base CVSS

8.1

EPSS Probability

0.00595%

EPSS Percentile

0.68686%

Introduced Version

3.0.1

Fix Available

3.5.6

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

GHSA-qq48-m4jx-xqh8

GHSA-qq48-m4jx-xqh8

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

8.1

Basic Information

Fix Critical Vulnerabilities Instantly