{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20190", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "n/a", "product": { "product_data": [ { "product_name": "jackson-databind", "version": { "version_data": [ { "version_value": "jackson-databind 2.9.10.7" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-502" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "name": "https://github.com/FasterXML/jackson-databind/issues/2854", "url": "https://github.com/FasterXML/jackson-databind/issues/2854" }, { "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633" }, { "refsource": "MLIST", "name": "[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update", "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "url": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "name": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210219-0008/", "url": "https://security.netapp.com/advisory/ntap-20210219-0008/" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." } ] } }