Back to Advisories
🔔 CVE Advisory

CVE-2020-11619

Jackson

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)

Year 2020
Published July 1, 2020

Advisory Information

Affected Product Jackson
Title CVE-2020-11619
Description

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)

Year 2020
Published Date July 1, 2020
View Full CVE Advisory

Affected Vendors

J
Jackson

Research Team

D(
duongbv2 (Bùi Văn Dương)