High severityNVD Advisory· Published Oct 10, 2020· Updated Aug 4, 2024
CVE-2020-26945
CVE-2020-26945
Description
MyBatis before 3.5.6 mishandles deserialization of object streams.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.mybatis:mybatisMaven | < 3.5.6 | 3.5.6 |
Affected products
3- MyBatis/MyBatisdescription
- ghsa-coords2 versions
< 3.5.6+ 1 more
- (no CPE)range: < 3.5.6
- (no CPE)range: < 3.5.6-1.6
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-qq48-m4jx-xqh8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-26945ghsaADVISORY
- github.com/mybatis/mybatis-3/compare/mybatis-3.5.5...mybatis-3.5.6mitrex_refsource_MISC
- github.com/mybatis/mybatis-3/pull/2079ghsax_refsource_MISCWEB
- github.com/mybatis/mybatis-3/releases/tag/mybatis-3.5.6ghsaWEB
News mentions
0No linked articles in our index yet.