Another 2 gadget types reported, regarding classes of the ibatis-sqlmap and Anteros-Core packages.
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.
Mitre id: CVE-2020-9547, CVE-2020-9548
Reporters: threedr3am & V1ZkRA
Fix will be included in:
- 2.9.10.4
- 2.8.11.6 (jackson-bom version 2.8.11.20200310)
- 2.7.9.7
- Does not affect 2.10.0 and later
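
To check a dependency listing against the fix versions above, a small triage script can help. This is an added example, not code from the jackson-databind project; the function names, the status labels and the sample lines (written in the style of `mvn dependency:list` output) are constructed for illustration.

```python
import re

# Fix versions per maintenance branch, as listed in this advisory.
FIXED = {(2, 9): (2, 9, 10, 4), (2, 8): (2, 8, 11, 6), (2, 7): (2, 7, 9, 7)}
UNAFFECTED_FROM = (2, 10)  # "Does not affect 2.10.0 and later"

COORD = re.compile(r"com\.fasterxml\.jackson\.core:jackson-databind:jar:([^:\s]+)")
NUMERIC = re.compile(r"\d+(\.\d+){1,3}")


def classify(version):
    """Return 'not-affected', 'fixed', 'missing-fix', 'not-listed' or 'unparsed'."""
    if not NUMERIC.fullmatch(version):
        # Qualifiers (-SNAPSHOT, .pr1, ...) need manual review, not a guess.
        return "unparsed"
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (4 - len(parts))  # 2.9.10 compares as 2.9.10.0
    branch = parts[:2]
    if branch >= UNAFFECTED_FROM:
        return "not-affected"
    if branch not in FIXED:
        return "not-listed"  # the advisory names no fix for this branch
    return "fixed" if parts >= FIXED[branch] else "missing-fix"


def scan(lines):
    """Map each jackson-databind version found in dependency lines to a status."""
    found = {}
    for line in lines:
        m = COORD.search(line)
        if m:
            found[m.group(1)] = classify(m.group(1))
    return found


# Constructed sample in the style of `mvn dependency:list` output.
SAMPLE = """\
   com.fasterxml.jackson.core:jackson-databind:jar:2.9.10.3:compile
   com.fasterxml.jackson.core:jackson-databind:jar:2.8.11.6:compile
   com.fasterxml.jackson.core:jackson-core:jar:2.9.10:compile
   com.fasterxml.jackson.core:jackson-databind:jar:2.10.2:runtime
   com.fasterxml.jackson.core:jackson-databind:jar:2.9.10.4-SNAPSHOT:compile
""".splitlines()

if __name__ == "__main__":
    for version, status in scan(SAMPLE).items():
        print(f"{version:20} {status}")
```

A `missing-fix` result only means the release predates the fix listed for its branch; `not-listed` and `unparsed` results need a manual look.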