[Bug 1165421] New: VUL-1: CVE-2020-9547: jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).

2 Mar 2020

      http://bugzilla.opensuse.org/show_bug.cgi?id=1165421

            Bug ID: 1165421
           Summary: VUL-1: CVE-2020-9547: jackson-databind: mishandles the
                    interaction between serialization gadgets and typing,
                    related to
                    com.ibatis.sqlmap.engine.transaction.jta.JtaTransactio
                    nConfig (aka ibatis-sqlmap).
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.2
          Hardware: Other
               URL: https://smash.suse.de/issue/254022/
                OS: Other
            Status: NEW
          Severity: Minor
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: wolfgang.frisch@suse.com
        QA Contact: security-team@suse.de
          Found By: Security Response Team
           Blocker: ---

CVE-2020-9547

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction
between serialization gadgets and typing, related to
com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka
ibatis-sqlmap).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9547
https://github.com/FasterXML/jackson-databind/issues/2634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9547
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1165421] New: VUL-1: CVE-2020-9547: jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).

bugzilla_noreply＠novell.com