diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2020-09-19 13:46:26 +0200 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-09-19 13:46:26 +0200 |
| commit | a050f4cfe9d34443aef9abd61c272e9015898a6c (patch) | |
| tree | 171bc5862a94340e5eb4a49ed4ba2c3d77c7fde7 | |
| parent | 7f5b06abff15420e8977cb012675b7c06cde1177 (diff) | |
Add CVE-2020-24750
| -rw-r--r-- | data/CVE/list.2020 | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 1f75abcb67..db710d0770 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -2161,7 +2161,11 @@ CVE-2020-24752 CVE-2020-24751 RESERVED CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...) - TODO: check + - jackson-databind <unfixed> + [buster] - jackson-databind <no-dsa> (Minor issue) + NOTE: https://github.com/FasterXML/jackson-databind/issues/2798 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. CVE-2020-24749 RESERVED CVE-2020-24748 |