CVE-2020-25649 (CNNVD-202010-622)
HIGH
中文标题:
Fasterxml Jackson 代码问题漏洞
英文标题:
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured prope...
CVSS分数:
7.5
发布时间:
2020-12-03 16:16:50
漏洞类型:
代码问题
状态:
PUBLISHED
数据质量分数:
0.30
数据版本:
v3
漏洞描述
中文描述:
Fasterxml FasterXML Jackson是美国FasterXML(Fasterxml)公司的一款适用于Java的数据处理工具。 FasterXML Jackson Databind存在代码问题漏洞,攻击者可利用该漏洞可以将恶意的XML数据传输到FasterXML Jackson Databind,以读取文件、扫描站点或触发拒绝服务。
英文描述:
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CWE类型:
CWE-611
标签:
(暂无数据)
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| fasterxml | jackson-databind | * | - | - |
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
|
| netapp | oncommand_api_services | - | - | - |
cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*
|
| netapp | oncommand_workflow_automation | - | - | - |
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
|
| netapp | service_level_manager | - | - | - |
cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
|
| fedoraproject | fedora | 32 | - | - |
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
|
| quarkus | quarkus | * | - | - |
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
|
| apache | iotdb | * | - | - |
cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*
|
| oracle | agile_plm | 9.3.6 | - | - |
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
|
| oracle | agile_product_lifecycle_management_integration_pack | 3.6 | - | - |
cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*
|
| oracle | banking_apis | * | - | - |
cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*
|
| oracle | banking_apis | 19.1 | - | - |
cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*
|
| oracle | banking_apis | 19.2 | - | - |
cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*
|
| oracle | banking_apis | 20.1 | - | - |
cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*
|
| oracle | banking_apis | 21.1 | - | - |
cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*
|
| oracle | banking_platform | 2.6.2 | - | - |
cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
|
| oracle | banking_platform | 2.7.0 | - | - |
cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
|
| oracle | banking_platform | 2.7.1 | - | - |
cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
|
| oracle | banking_platform | 2.8.0 | - | - |
cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*
|
| oracle | banking_platform | 2.9.0 | - | - |
cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
|
| oracle | banking_platform | 2.10.0 | - | - |
cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*
|
| oracle | banking_treasury_management | 4.4 | - | - |
cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*
|
| oracle | blockchain_platform | * | - | - |
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
|
| oracle | coherence | 12.2.1.4.0 | - | - |
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
| oracle | coherence | 14.1.1.0.0 | - | - |
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
| oracle | commerce_platform | * | - | - |
cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*
|
| oracle | commerce_platform | 11.2.0 | - | - |
cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*
|
| oracle | communications_billing_and_revenue_management | 7.5.0.23.0 | - | - |
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
|
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 | - | - |
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
|
| oracle | communications_cloud_native_core_unified_data_repository | 1.4.0 | - | - |
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*
|
| oracle | communications_convergent_charging_controller | 12.0.4.0.0 | - | - |
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*
|
| oracle | communications_evolved_communications_application_server | 7.1 | - | - |
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
|
| oracle | communications_instant_messaging_server | 10.0.1.5.0 | - | - |
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*
|
| oracle | communications_interactive_session_recorder | 6.3 | - | - |
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*
|
| oracle | communications_interactive_session_recorder | 6.4 | - | - |
cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*
|
| oracle | communications_network_charging_and_control | 12.0.4.0.0 | - | - |
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*
|
| oracle | communications_offline_mediation_controller | 12.0.0.3 | - | - |
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*
|
| oracle | communications_pricing_design_center | 12.0.0.4.0 | - | - |
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*
|
| oracle | communications_services_gatekeeper | 7.0 | - | - |
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
|
| oracle | communications_unified_inventory_management | 7.4.1 | - | - |
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
|
| oracle | goldengate_application_adapters | 19.1.0.0.0 | - | - |
cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*
|
| oracle | health_sciences_empirica_signal | 9.0 | - | - |
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*
|
| oracle | health_sciences_empirica_signal | 9.1 | - | - |
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:*:*:*:*:*:*:*
|
| oracle | insurance_policy_administration | * | - | - |
cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*
|
| oracle | insurance_policy_administration | 11.0.2 | - | - |
cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*
|
| oracle | insurance_rules_palette | * | - | - |
cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*
|
| oracle | insurance_rules_palette | 11.0.2 | - | - |
cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*
|
| oracle | jd_edwards_enterpriseone_orchestrator | * | - | - |
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
|
| oracle | jd_edwards_enterpriseone_tools | * | - | - |
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
|
| oracle | primavera_gateway | * | - | - |
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
|
| oracle | primavera_gateway | 20.12.0 | - | - |
cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*
|
| oracle | retail_service_backbone | 14.1.3.2 | - | - |
cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
|
| oracle | retail_service_backbone | 15.0.3.1 | - | - |
cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
|
| oracle | retail_service_backbone | 16.0.3 | - | - |
cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*
|
| oracle | retail_xstore_point_of_service | 16.0.6 | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
|
| oracle | retail_xstore_point_of_service | 17.0.4 | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
|
| oracle | retail_xstore_point_of_service | 18.0.3 | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
|
| oracle | retail_xstore_point_of_service | 19.0.2 | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
|
| oracle | retail_xstore_point_of_service | 20.0.1 | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
|
| oracle | sd-wan_edge | 9.0 | - | - |
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.3.0.5.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.3.0.6.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.4.0.0.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.4.0.2.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
|
| oracle | utilities_framework | 4.4.0.3.0 | - | - |
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
|
| oracle | webcenter_portal | 12.2.1.3.0 | - | - |
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
| oracle | webcenter_portal | 12.2.1.4.0 | - | - |
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
| oracle | communications_messaging_server | 8.0.2 | - | - |
cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*
|
| oracle | communications_messaging_server | 8.1 | - | - |
cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1
mailing-list
cve.org
访问
cve.org
[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1
mailing-list
cve.org
访问
cve.org
[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5
mailing-list
cve.org
访问
cve.org
[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1
mailing-list
cve.org
访问
cve.org
[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3
mailing-list
cve.org
访问
cve.org
[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
mailing-list
cve.org
访问
cve.org
[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1
mailing-list
cve.org
访问
cve.org
[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1
mailing-list
cve.org
访问
cve.org
[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind
mailing-list
cve.org
访问
cve.org
FEDORA-2021-1d8254899c
vendor-advisory
cve.org
访问
cve.org
[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965
mailing-list
cve.org
访问
cve.org
[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965
mailing-list
cve.org
访问
cve.org
[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965
mailing-list
cve.org
访问
cve.org
[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965
mailing-list
cve.org
访问
cve.org
[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/
mailing-list
cve.org
访问
cve.org
[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)
mailing-list
cve.org
访问
cve.org
[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_CONFIRM
cve.org
访问
cve.org
[spark-user] 20210621 Re: CVEs
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
cve.org
访问
cve.org
[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
cve.org
访问
cve.org
[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
cve.org
访问
cve.org
[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
mailing-list
cve.org
访问
cve.org
[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649
mailing-list
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
无标题
x_refsource_MISC
cve.org
访问
cve.org
CVSS评分详情
7.5
HIGH
CVSS向量:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS版本:
3.1
机密性
NONE
完整性
HIGH
可用性
NONE
时间信息
发布时间:
2020-12-03 16:16:50
修改时间:
2024-08-04 15:40:36
创建时间:
2025-11-11 15:36:13
更新时间:
2025-11-11 15:56:29
利用信息
暂无可利用代码信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2020-25649 |
2025-11-11 15:20:31 | 2025-11-11 07:36:13 |
| NVD | nvd_CVE-2020-25649 |
2025-11-11 14:57:06 | 2025-11-11 07:44:39 |
| CNNVD | cnnvd_CNNVD-202010-622 |
2025-11-11 15:12:08 | 2025-11-11 07:56:29 |
版本与语言
当前版本:
v3
主要语言:
EN
支持语言:
EN
ZH
安全公告
暂无安全公告信息
变更历史
v3
CNNVD
2025-11-11 15:56:29
vulnerability_type: 未提取 → 代码问题; cnnvd_id: 未提取 → CNNVD-202010-622; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 代码问题
- cnnvd_id: 未提取 -> CNNVD-202010-622
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:44:39
severity: SeverityLevel.MEDIUM → SeverityLevel.HIGH; cvss_score: 未提取 → 7.5; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 0 → 68; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 7.5
- cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- cvss_version: NOT_EXTRACTED -> 3.1
- affected_products_count: 0 -> 68
- data_sources: ['cve'] -> ['cve', 'nvd']