High severity8.8NVD Advisory· Published Mar 18, 2020· Updated Jun 17, 2026
CVE-2020-10673
CVE-2020-10673
Description
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.fasterxml.jackson.core:jackson-databindMaven | >= 2.7.0, < 2.9.10.4 | 2.9.10.4 |
com.fasterxml.jackson.core:jackson-databindMaven | >= 2.0.0, < 2.6.7.4 | 2.6.7.4 |
Affected products
2- FasterXML/jackson-databinddescription
Patches
Vulnerability mechanics
References
13- www.oracle.com/security-alerts/cpujan2021.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpujul2020.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuoct2020.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuoct2021.htmlnvdPatchThird Party AdvisoryWEB
- github.com/FasterXML/jackson-databind/issues/2660nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-fqwf-pjwf-7vqvghsaADVISORY
- lists.debian.org/debian-lts-announce/2020/03/msg00027.htmlnvdMailing ListThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-10673ghsaADVISORY
- security.netapp.com/advisory/ntap-20200403-0002/nvdThird Party Advisory
- github.com/FasterXML/jackson-databind/commit/1645efbd392989cf015f459a91c999e59c921b15ghsaWEB
- medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062nvdWEB
- medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062ghsaWEB
- security.netapp.com/advisory/ntap-20200403-0002ghsaWEB
News mentions
0No linked articles in our index yet.