From bf46ec885b33473077c15e4b46d0ae29c66c1c47 Mon Sep 17 00:00:00 2001

From: Marian Koncek <mkoncek@redhat.com>

Date: Tue, 14 Apr 2020 15:17:34 +0200

Subject: [PATCH] CVE-2020-10969, CVE-2020-11113, CVE-2020-10968,

 CVE-2020-11111, CVE-2020-11112

---

 .../jsontype/impl/SubTypeValidator.java       | 21 +++++++++++++++++++

 1 file changed, 21 insertions(+)

diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java

index 907adcd..789be7b 100644

--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java

+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java

@@ -86,6 +86,27 @@ public class SubTypeValidator

         s.add("org.apache.log4j.receivers.db.DriverManagerConnectionSource");

         s.add("org.apache.log4j.receivers.db.JNDIConnectionSource");

+        // CVE-2020-10969

+        // [databind#2642]: javax.swing (jdk)

+        s.add("javax.swing.JEditorPane");

+

+        // CVE-2020-11113

+        // [databind#2670]

+        s.add("org.apache.openjpa.ee.WASRegistryManagedRuntime");

+

+        // CVE-2020-10968

+        // [databind#2662]: aoju/bus-proxy

+        s.add("org.aoju.bus.proxy.provider.RmiProvider");

+        s.add("org.aoju.bus.proxy.provider.remoting.RmiProvider");

+

+        // CVE-2020-11111

+        // [databind#2664]: activemq-jms

+        s.add("org.apache.activemq.jms.pool.XaPooledConnectionFactory");

+

+        // CVE-2020-11112

+        // [databind#2666]: apache/commons-jms

+        s.add("org.apache.commons.proxy.provider.remoting.RmiProvider");

+

         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);

     }

-- 

2.25.2