What is CVE-2020-9548?

CVE-2020-9548 is a vulnerability in N/a. Published 2020-03-02.

Is CVE-2020-9548 known to be exploited?

37 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).

EPSS: 0.620 (98.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update (mailing-list, x_refsource_MLIST)
[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546 (mailing-list, x_refsource_MLIST)
[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546 (mailing-list, x_refsource_MLIST)
[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546 (mailing-list, x_refsource_MLIST)
[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546 (mailing-list, x_refsource_MLIST)
[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546 (mailing-list, x_refsource_MLIST)
[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546 (mailing-list, x_refsource_MLIST)
[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546 (mailing-list, x_refsource_MLIST)
medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-kn… (x_refsource_MISC)
www.oracle.com/security-alerts/cpujul2020.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-9548?: CVE-2020-9548 is a vulnerability in N/a. Published 2020-03-02.
Is CVE-2020-9548 known to be exploited?: 37 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.