From 92b8edd6c417c3821da2ecf267ed0f2295533076 Mon Sep 17 00:00:00 2001
From: Marian Koncek <mkoncek@redhat.com>
Date: Fri, 25 Sep 2020 13:20:31 +0200
Subject: [PATCH] CVE-2020-24750
---
.../jackson/databind/jsontype/impl/SubTypeValidator.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index 709a947..f44b2d3 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -114,6 +114,10 @@ public class SubTypeValidator
// [databind#2682]: commons-jelly
s.add("org.apache.commons.jelly.impl.Embedded");
+ // CVE-2020-24750
+ // [databind#2798]: com.pastdev.httpcomponents:
+ s.add("com.pastdev.httpcomponents.configuration.JndiConfiguration");
+
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}
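Review bot: The new entry `s.add("com.pastdev.httpcomponents.configuration.JndiConfiguration")` blocks one fully-qualified name, so if `DEFAULT_NO_DESER_CLASS_NAMES` is consulted by exact match (the lookup is outside this hunk), subclasses and other classes in that package are not covered. It is worth confirming against databind#2798 that this single class is the whole reported gadget surface. The two comment lines could be merged into one that says why the class is listed, e.g. `// [databind#2798], CVE-2020-24750: com.pastdev.httpcomponents JNDI configuration class, unsafe as a polymorphic subtype`; the JNDI aspect is inferred from the class name only. The diffstat shows only this file changed, so no regression test accompanies the backport; a test asserting that this type id is rejected during polymorphic deserialization would stop the entry from being dropped unnoticed in a later rebase. The static initializer that builds the set starts before the hunk.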
--
2.26.2