CVE-2020-25649high
Description
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
References
https://github.com/FasterXML/jackson-databind/issues/2589
https://bugzilla.redhat.com/show_bug.cgi?id=1887664
https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.zookeeper.apache.org%3E
https://security.netapp.com/advisory/ntap-20210108-0007/
https://lists.apache.org/thread.html/[email protected]%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.turbine.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cnotifications.iotdb.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.iotdb.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.knox.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.knox.apache.org%3E
https://www.oracle.com/security-alerts/cpuApr2021.html
https://lists.apache.org/thread.html/[email protected]%3Cuser.spark.apache.org%3E
https://www.oracle.com//security-alerts/cpujul2021.html
https://lists.apache.org/thread.html/[email protected]%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cissues.hive.apache.org%3E
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
Details
Source: MITRE
Published: 2020-12-03
Updated: 2023-02-02
Type: CWE-611
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH