CVE-2020-25649

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Published Oct 16, 2020

Issue #2589

CVSS ScoreHigh

7.5

Vulnerabilities

CVE-2020-25649

Published Oct 16, 2020

Issue #2589

CVSS ScoreHigh

7.5

CVE-2020-25649 Security Details

CVE ID: CVE-2020-25649
CWE: CWE-611
CVE Description: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Published: Oct 16, 2020
CVSS Score & Severity: 7.5High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score: 0.018%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: GitHub · Issue #2589PROJECT

CVE-2020-25649 Security Details

CVE ID: CVE-2020-25649
CWE: CWE-611
CVE Description: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Published: Oct 16, 2020
CVSS Score & Severity: 7.5High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score: 0.018%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: GitHub · Issue #2589PROJECT

Find vulnerabilities. Fix fast with AI.

CVE-2020-25649

CVE-2020-25649 Security Details

CVE-2020-25649 Security Details