openSUSE:Leap:15.5:Update
File _patchinfo of Package patchinfo.17954
<patchinfo incident="17954">
  <issue tracker="cve" id="2021-20190"/>
  <issue tracker="cve" id="2020-35728"/>
  <issue tracker="cve" id="2020-25649"/>
  <issue tracker="bnc" id="1181118">VUL-0: CVE-2021-20190: jackson-databind: SSRF due to mishandling interaction between serialization gadgets and typing</issue>
  <issue tracker="bnc" id="1180391">VUL-0: CVE-2020-35728: jackson-databind: mishandles the interaction between serialization gadgets and typing</issue>
  <issue tracker="bnc" id="1177616">VUL-0: CVE-2020-25649: jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)</issue>
  <packager>fstrba</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for jackson-databind</summary>
  <description>This update for jackson-databind fixes the following issues:

jackson-databind was updated to 2.10.5.1:

* #2589: `DOMDeserializer`: setExpandEntityReferences(false) may not prevent external entity expansion in all cases (CVE-2020-25649, bsc#1177616)
* #2787 (partial fix): NPE after add mixin for enum
* #2679: 'ObjectMapper.readValue("123", Void.TYPE)' throws "should never occur"
</description>
</patchinfo>