Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-58pp-9c76-5625

GitHub Security Advisory

jackson-databind mishandles the interaction between serialization gadgets and typing

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

Affected Packages

Maven com.fasterxml.jackson.core:jackson-databind
Affected versions: 2.9.0 (fixed in 2.9.10.4)

Related CVEs

CVE-2020-11112

Key Information

GHSA ID
GHSA-58pp-9c76-5625
Published
June 10, 2020 9:12 PM
Last Modified
August 30, 2021 2:10 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
com.fasterxml.jackson.core:jackson-databind
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 23, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.