Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| EAP-CD 19 Tech Preview | |||
| jackson-databind | cpe:/a:redhat:jboss_enterprise_application_platform_cd:19 | RHSA-2020:2333 | 2020-05-28T00:00:00Z |
| Red Hat Data Grid 7.3.7 | |||
| jackson-databind | cpe:/a:redhat:jboss_data_grid:7.3 | RHSA-2020:3779 | 2020-09-17T00:00:00Z |
| Red Hat Decision Manager 7 | |||
| jackson-databind | cpe:/a:redhat:jboss_enterprise_brms_platform:7.8 | RHSA-2020:3196 | 2020-07-29T00:00:00Z |
| Red Hat Fuse 7.7.0 | |||
| jackson-databind | cpe:/a:redhat:jboss_fuse:7 | RHSA-2020:3192 | 2020-07-28T00:00:00Z |
| Red Hat Process Automation 7 | |||
| jackson-databind | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8 | RHSA-2020:3197 | 2020-07-29T00:00:00Z |
| Red Hat Single Sign-On 7.4.0 | |||
| jackson-databind | cpe:/a:redhat:red_hat_single_sign_on:7 | RHSA-2020:5625 | 2020-12-17T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | |||
| rh-maven35-jackson-databind-0:2.7.6-2.9.el7 | cpe:/a:redhat:rhel_software_collections:3::el7 | RHSA-2020:1523 | 2020-04-21T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | |||
| rh-maven35-jackson-databind-0:2.7.6-2.9.el7 | cpe:/a:redhat:rhel_software_collections:3::el7 | RHSA-2020:1523 | 2020-04-21T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | |||
| rh-maven35-jackson-databind-0:2.7.6-2.9.el7 | cpe:/a:redhat:rhel_software_collections:3::el7 | RHSA-2020:1523 | 2020-04-21T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | |||
| rh-maven35-jackson-databind-0:2.7.6-2.9.el7 | cpe:/a:redhat:rhel_software_collections:3::el7 | RHSA-2020:1523 | 2020-04-21T00:00:00Z |
| Text-Only RHOAR | |||
| cpe:/a:redhat:openshift_application_runtimes:1.0 | RHSA-2020:2067 | 2020-05-18T00:00:00Z | |
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-2179-1 | jackson-databind security update |
 Github GHSA |
GHSA-58pp-9c76-5625 | jackson-databind mishandles the interaction between serialization gadgets and typing |
 Ubuntu USN |
USN-4813-1 | Jackson Databind vulnerabilities |
References
History
Mon, 23 Feb 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:* |
|
| Metrics |
ssvc
|
Subscriptions
Debian
Subscribe
Debian Linux
Subscribe
Fasterxml
Subscribe
Jackson-databind
Subscribe
Netapp
Subscribe
Steelstore Cloud Integrated Storage
Subscribe
Oracle
Subscribe
Agile Plm
Subscribe
Autovue For Agile Product Lifecycle Management
Subscribe
Banking Digital Experience
Subscribe
Banking Platform
Subscribe
Communications Calendar Server
Subscribe
Communications Contacts Server
Subscribe
Communications Diameter Signaling Router
Subscribe
Communications Element Manager
Subscribe
Communications Evolved Communications Application Server
Subscribe
Communications Instant Messaging Server
Subscribe
Communications Network Charging And Control
Subscribe
Communications Session Report Manager
Subscribe
Communications Session Route Manager
Subscribe
Enterprise Manager Base Platform
Subscribe
Financial Services Analytical Applications Infrastructure
Subscribe
Financial Services Institutional Performance Analytics
Subscribe
Financial Services Price Creation And Discovery
Subscribe
Financial Services Retail Customer Analytics
Subscribe
Global Lifecycle Management Opatch
Subscribe
Insurance Policy Administration J2ee
Subscribe
Jd Edwards Enterpriseone Orchestrator
Subscribe
Jd Edwards Enterpriseone Tools
Subscribe
Primavera Unifier
Subscribe
Retail Merchandising System
Subscribe
Retail Sales Audit
Subscribe
Retail Service Backbone
Subscribe
Retail Xstore Point Of Service
Subscribe
Weblogic Server
Subscribe
Redhat
Subscribe
Jboss Data Grid
Subscribe
Jboss Enterprise Application Platform Cd
Subscribe
Jboss Enterprise Bpms Platform
Subscribe
Jboss Enterprise Brms Platform
Subscribe
Jboss Fuse
Subscribe
Openshift Application Runtimes
Subscribe
Red Hat Single Sign On
Subscribe
Rhel Software Collections
Subscribe
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T11:21:14.621Z
Reserved: 2020-03-31T00:00:00.000Z
Link: CVE-2020-11112
Vulnrichment
Updated: 2024-08-04T11:21:14.621Z
NVD
Status : Analyzed
Published: 2020-03-31T05:15:13.070
Modified: 2026-04-29T18:58:57.883
Link: CVE-2020-11112
Redhat
OpenCVE Enrichment
No data.