Exploit for #VU25469 Code Injection in jackson-databind

Published: 2020-03-18 | Updated: 2021-01-28

Vulnerability identifier: #VU25469

Vulnerability risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-8840

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 10

January 28, 2021
- CVE-2020-8840 () [Github]
January 21, 2021
- CVE-2020-8840 (Jackson-databind远程代码执行漏洞（CVE-2020-8840）分析复现环境代码) [Github]
January 6, 2021
- jackson-CVE-2020-8840 (FasterXML/jackson-databind 远程代码执行漏洞) [Github]
December 29, 2020
- CVE-2020-8840 (Jackson-databind远程代码执行漏洞（CVE-2020-8840）分析复现环境代码) [Github]
November 10, 2020
- CVE-2020-8840 (Jackson-databind远程代码执行漏洞（CVE-2020-8840）分析复现环境代码) [Github]
June 19, 2020
- CVE-2020-8840 (jackson jndi injection) [Github]
June 3, 2020
- CVE-2020-8840 (FasterXML/jackson-databind 远程代码执行漏洞) [Github]
March 18, 2020

Impact: Information disclosure and data manipulation

Vulnerable software:
jackson-databind
Universal components / Libraries / Libraries used by multiple products

Vendor: FasterXML