Block 2 more gadget types (org.apache.tomcat/tomcat-dbcp, CVE-2020-36184/CVE-2020-36185)

Another gadget type(s) reported regarding class(es) of `org.apache.tomcat/tomcat-dbcp` library.
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Reporter(s): Al1ex@knownsec
Mitre id(s): 

* [CVE-2020-36184](CVE-2020-36184)
* [CVE-2020-36185](CVE-2020-36185)

Note: derivative of #2986 (embedded Apache DBCP 2.x)

Fix will be included in:

* 2.9.10.8 (usable via `jackson-bom` version ---)
* Not considered valid CVE for Jackson 2.10.0 and later (see https://medium.com/@cowtowncoder/jackson-2-10-safe-default-typing-2d018f0ce2ba)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Block 2 more gadget types (org.apache.tomcat/tomcat-dbcp, CVE-2020-36184/CVE-2020-36185) #2998

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Block 2 more gadget types (org.apache.tomcat/tomcat-dbcp, CVE-2020-36184/CVE-2020-36185) #2998

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions