cve/2020/CVE-2020-9548.md

CVE-2020-9548

Description

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).

POC

Reference

• https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://www.oracle.com/security-alerts/cpuoct2021.html

Github

• https://github.com/0xT11/CVE-POC
• https://github.com/20142995/sectool
• https://github.com/ARPSyndicate/cvemon
• https://github.com/CnHack3r/Penetration_PoC
• https://github.com/Dzmitry-Basiachenka/dist-foreign-aliakh
• https://github.com/EchoGin404/-
• https://github.com/EchoGin404/gongkaishouji
• https://github.com/Mr-xn/Penetration_Testing_POC
• https://github.com/OWASP/www-project-ide-vulscanner
• https://github.com/PalindromeLabs/Java-Deserialization-CVEs
• https://github.com/YIXINSHUWU/Penetration_Testing_POC
• https://github.com/developer3000S/PoC-in-GitHub
• https://github.com/fairyming/CVE-2020-9548
• https://github.com/hasee2018/Penetration_Testing_POC
• https://github.com/hectorgie/PoC-in-GitHub
• https://github.com/huike007/penetration_poc
• https://github.com/huike007/poc
• https://github.com/lions2012/Penetration_Testing_POC
• https://github.com/lnick2023/nicenice
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/password520/Penetration_PoC
• https://github.com/qazbnm456/awesome-cve-poc
• https://github.com/seal-community/patches
• https://github.com/soosmile/POC
• https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
• https://github.com/xbl3/awesome-cve-poc_qazbnm456
• https://github.com/xuetusummer/Penetration_Testing_POC
• https://github.com/yahoo/cubed
• https://github.com/yedada-wei/-
• https://github.com/yedada-wei/gongkaishouji