VYPR
High severityNVD Advisory· Published Dec 26, 2022· Updated Apr 14, 2025

CVE-2020-10650

CVE-2020-10650

Description

A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.fasterxml.jackson.core:jackson-databindMaven
< 2.9.10.42.9.10.4

Affected products

2

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.