[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20190/jackson-databind
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 19 06:31:13 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad4f89c3 by Salvatore Bonaccorso at 2021-01-19T07:30:44+01:00
Add CVE-2021-20190/jackson-databind
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11967,6 +11967,12 @@ CVE-2021-20191
NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227
CVE-2021-20190
RESERVED
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind <no-dsa> (Minor issue)
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2854
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a
CVE-2021-20189
REJECTED
CVE-2021-20188
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad4f89c3b60e0262fbd47c4e48c401a54efe81a9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad4f89c3b60e0262fbd47c4e48c401a54efe81a9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210119/b39b3174/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list