## 漏洞关键信息 - **漏洞类型**: CVE - **CVE编号**: - CVE-2020-35490 - CVE-2020-35491 - **受影响的类**: - `org.apache.commons:commons-dbcp2` - **报告人**: Al1ex@knownsec - **修复版本**: - jackson-bom 2.9.10.8 (可通过 jackson-bom 版本 2.9.10.20210106 使用) - 2.6.7.5 - 2.10.0 及之后版本 (详情见 https://medium.com/@cowtowncoder/jackson-2-10-safe-default-typing-2d018f0ce2ba) - **相关链接**: - 问题描述: https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 - **时间线**: - 创建日期: 2020-12-15 - 关闭日期: 2020-12-16 - **状态**: 已关闭 - **Reference in Other Issues**: - CVE-2020-35490 (High) detected in jackson-databind-2.9.10.4.jar - CVE-2020-35491 (High) detected in jackson-databind-2.9.10.4.jar - CVE-2020-35490 (High) detected in jackson-databind-2.9.4.jar - CVE-2020-35491 (High) detected in jackson-databind-2.9.4.jar - CVE-2020-35490 (High) detected in jackson-databind-2.9.10.4.jar