
CVE-2020-35728 : Security Advisory and Response

Learn about CVE-2020-35728 involving FasterXML jackson-databind 2.x versions. Find out the impact, affected systems, exploitation risks, and mitigation steps to secure your systems.

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool.

Understanding CVE-2020-35728

This CVE involves a vulnerability in FasterXML jackson-databind 2.x versions.

What is CVE-2020-35728?

The CVE refers to a specific issue in FasterXML jackson-databind 2.x versions in which the interaction between serialization gadgets and typing is mishandled, in this case involving the class com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool.

The Impact of CVE-2020-35728

The vulnerability can potentially be exploited to execute arbitrary code or cause a denial of service (DoS) attack.

Technical Details of CVE-2020-35728

This section provides more in-depth technical insights into the CVE.

Vulnerability Description

The vulnerability arises from the mishandling of serialization gadgets and typing interactions in FasterXML jackson-databind 2.x versions.

Affected Systems and Versions

        Product: Not applicable
        Vendor: Not applicable
        Versions affected: All versions before 2.9.10.8

Exploitation Mechanism

Attackers can exploit this vulnerability to execute arbitrary code or launch DoS attacks.

Mitigation and Prevention

The following protective measures address the CVE.

Immediate Steps to Take

        Update FasterXML jackson-databind to version 2.9.10.8 or later.
        Implement network security measures to prevent unauthorized access.
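Updating to a fixed release removes this gadget from the blocklist race, but the "typing" side of the issue is a configuration choice in the application. The following added example (not code from the page or from the jackson-databind project) shows the weak setting beside the corrected one; it assumes jackson-databind 2.10 or later, where the PolymorphicTypeValidator API exists, and the package prefix com.example.model. is a hypothetical placeholder for the application's own model classes.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class DefaultTypingHardening {

    // Constructed input: a type-id array naming a class outside the
    // application's model package. Any class name could appear here, which is
    // why an allow-list, not the input, must decide what gets instantiated.
    static final String UNTRUSTED_JSON = "[\"java.util.HashMap\", {\"k\": \"v\"}]";

    // Weak setting: global default typing with no validator. Whatever class
    // name the input carries is resolved and instantiated; this is the typing
    // interaction that gadget classes such as the one named in CVE-2020-35728
    // rely on. enableDefaultTyping() is deprecated since 2.10 for this reason.
    @SuppressWarnings("deprecation")
    static ObjectMapper weakMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping();
        return m;
    }

    // Corrected setting: default typing is only activated behind an allow-list
    // validator. Hypothetical prefix; substitute the real model package.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
            .allowIfSubType("com.example.model.")
            .build();
        ObjectMapper m = new ObjectMapper();
        m.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    // True when the mapper refuses to resolve the type id; a regression test
    // should assert this for the hardened mapper.
    static boolean rejectsUntrustedTypeId(ObjectMapper mapper) {
        try {
            mapper.readValue(UNTRUSTED_JSON, Object.class);
            return false;
        } catch (InvalidTypeIdException e) {
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println("weak mapper rejects: " + rejectsUntrustedTypeId(weakMapper()));
        System.out.println("hardened mapper rejects: " + rejectsUntrustedTypeId(hardenedMapper()));
    }
}
```

The weak mapper deserializes the constructed input, while the hardened mapper fails it with InvalidTypeIdException; the same check applied to the application's real inbound JSON endpoints confirms that only allow-listed types can be named by a caller.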

Long-Term Security Practices

        Regularly update software and libraries to the latest versions.
        Conduct security audits and penetration testing to identify vulnerabilities.
        Educate developers on secure coding practices.

Patching and Updates

Ensure timely installation of security patches and updates to mitigate the risk of exploitation.
