Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-758m-v56v-grj4

GitHub Security Advisory

jackson-databind mishandles the interaction between serialization gadgets and typing

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

Affected Packages

Maven com.fasterxml.jackson.core:jackson-databind
Affected versions: 2.9.0 (fixed in 2.9.10.4)

Related CVEs

CVE-2020-10969

Key Information

GHSA ID
GHSA-758m-v56v-grj4
Published
April 23, 2020 9:36 PM
Last Modified
June 25, 2024 1:46 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
com.fasterxml.jackson.core:jackson-databind
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.