From bf46ec885b33473077c15e4b46d0ae29c66c1c47 Mon Sep 17 00:00:00 2001
From: Marian Koncek
Date: Tue, 14 Apr 2020 15:17:34 +0200
Subject: [PATCH] CVE-2020-10969, CVE-2020-11113, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112
---
 .../jsontype/impl/SubTypeValidator.java | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index 907adcd..789be7b 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -86,6 +86,27 @@ public class SubTypeValidator
 s.add("org.apache.log4j.receivers.db.DriverManagerConnectionSource");
 s.add("org.apache.log4j.receivers.db.JNDIConnectionSource");
+ // CVE-2020-10969
+ // [databind#2642]: javax.swing (jdk)
+ s.add("javax.swing.JEditorPane");
+ // CVE-2020-11113
+ // [databind#2670]
+ s.add("org.apache.openjpa.ee.WASRegistryManagedRuntime");
+ // CVE-2020-10968
+ // [databind#2662]: aoju/bus-proxy
+ s.add("org.aoju.bus.proxy.provider.RmiProvider");
+ s.add("org.aoju.bus.proxy.provider.remoting.RmiProvider");
+ // CVE-2020-11111
+ // [databind#2664]: activemq-jms
+ s.add("org.apache.activemq.jms.pool.XaPooledConnectionFactory");
+ // CVE-2020-11112
+ // [databind#2666]: apache/commons-jms
+ s.add("org.apache.commons.proxy.provider.remoting.RmiProvider");
+
 DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
 }
--
2.25.2
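Review bot: The label on the last added group does not match what it blocks: the comment reads `// [databind#2666]: apache/commons-jms`, but the class under it lives in `org.apache.commons.proxy`, so `// [databind#2666]: apache/commons-proxy` would keep the list auditable against the CVE it closes. The `[databind#2670]` comment is also the only one without a library label; `// [databind#2670]: apache/openjpa` would match the others. Separately, the activemq group adds one class while the aoju group adds two, so it is worth confirming against upstream issue #2664 that the backport did not drop sibling classes, since the entries are presumably matched by exact class name in code outside this hunk. The static initializer these lines belong to starts above the hunk, and the diffstat shows no test accompanying the new entries; a regression test asserting that each newly listed name is rejected during polymorphic deserialization would guard against a typo in any of the strings.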