### Vulnerability Key Information - **Package**: jackson-databind - **Version**: 2.4.2-2+deb8u14 - **CVE IDs**: CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620 #### Vulnerability Description - **CVE-2020-10968**: FasterXML jackson-databind 2.x versions prior to 2.9.10.4 improperly handles interactions between deserialization gadgets and types, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (i.e., bus-proxy). - **CVE-2020-10969**: FasterXML jackson-databind 2.x versions prior to 2.9.10.4 improperly handles interactions between deserialization gadgets and types, related to javax.swing.JEditorPane. - **CVE-2020-11111**: FasterXML jackson-databind 2.x versions prior to 2.9.10.4 improperly handles interactions between deserialization gadgets and types, related to activemq. - **CVE-2020-11112**: FasterXML jackson-databind 2.x versions prior to 2.9.10.4 improperly handles interactions between deserialization gadgets and types, related to org.apache.commons.proxy.provider.remoting.RmiProvider. - **CVE-2020-11113**: FasterXML jackson-databind 2.x versions prior to 2.9.10.4 improperly handles interactions between deserialization gadgets and types, related to org.apache.openjpa.ee.WASRegistryManagedRuntime. - **CVE-2020-11619**: FasterXML jackson-databind 2.x versions prior to 2.9.10.4 improperly handles interactions between deserialization gadgets and types, related to org.springframework.aop.config.MethodLocatingFactoryBean. - **CVE-2020-11620**: FasterXML jackson-databind 2.x versions prior to 2.9.10.4 improperly handles interactions between deserialization gadgets and types, related to org.apache.commons.jelly.impl.Embedded. #### Fix Information - **Debian 8 "Jessie"**: These issues have been fixed in version 2.4.2-2+deb8u14.