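Jackson Official Site Security Update (2021-09-04)

Source: Jackson official site  Published: 2021-09-04

Basic information

Release date: 2021-09-04 (vendor local time)

Update type: Security update

Updated version: Unknown

Detected at: 2021-09-15 13:11:21

Risk level: Unknown

Intelligence contributor: TSRC

Update title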

Block 2 more gadget types

Update details

Another gadget type(s) reported regarding class(es) of [library to include on publish] library.
(see https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem).

The current criteria for considering a block is specified as follows:

https://github.com/FasterXML/jackson/wiki/Jackson-Polymorphic-Deserialization-CVE-Criteria

and the reported type(s) fulfill the criteria.

Reporter(s):
Mitre id(s):

* Not (yet?) requested

Fix would be included in:

* 2.9.10.9 (usable via `jackson-bom` version ---) if fix is released
* Not considered valid CVE for Jackson 2.10.0 and later (see https://medium.com/@cowtowncoder/jackson-2-10-safe-default-typing-2d018f0ce2ba)

Software description

JSON processing library

CVE ID

TSRC analysis

None yet

Industry news

None yet
