From 92b8edd6c417c3821da2ecf267ed0f2295533076 Mon Sep 17 00:00:00 2001
From: Marian Koncek <mkoncek@redhat.com>
Date: Fri, 25 Sep 2020 13:20:31 +0200
Subject: [PATCH] CVE-2020-24750

---
 .../jackson/databind/jsontype/impl/SubTypeValidator.java      | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index 709a947..f44b2d3 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -114,6 +114,10 @@ public class SubTypeValidator
         // [databind#2682]: commons-jelly
         s.add("org.apache.commons.jelly.impl.Embedded");
 
+        // CVE-2020-24750
+        // [databind#2798]: com.pastdev.httpcomponents:
+        s.add("com.pastdev.httpcomponents.configuration.JndiConfiguration");
+
         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
     }
 
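Review bot: The new entry `s.add("com.pastdev.httpcomponents.configuration.JndiConfiguration");` ships without a regression test (the diffstat shows only SubTypeValidator.java changed), so nothing would catch this downstream backport being dropped or mistyped in a later rebase. A small test asserting that polymorphic deserialization naming this class is rejected would pin it. The two comment lines could be merged into one that says why the class is blocked, for example `// [databind#2798] (CVE-2020-24750): com.pastdev.httpcomponents JNDI configuration gadget`. The set appears to hold exact fully qualified names, so other classes in the same package would not be covered; the matching logic and the start of this static initializer are outside the hunk, so that should be confirmed there.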
-- 
2.26.2