## Vulnerability Key Information

- **Vulnerability Type**: CVE
- **CVE IDs**:
  - CVE-2020-35490
  - CVE-2020-35491
- **Affected Component**:
  - `org.apache.commons:commons-dbcp2`
- **Reporter**: Al1ex@knownsec
- **Fixed Versions**:
  - jackson-bom 2.9.10.8 (available via jackson-bom version 2.9.10.20210106)
  - 2.6.7.5
  - 2.10.0 and later versions (details at https://medium.com/@cowtowncoder/jackson-2-10-safe-default-typing-2d018f0ce2ba)
- **Related Links**:
  - Issue Description: https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
- **Timeline**:
  - Created: 2020-12-15
  - Closed: 2020-12-16
- **Status**: Closed
- **Reference in Other Issues**:
  - CVE-2020-35490 (High) detected in jackson-databind-2.9.10.4.jar
  - CVE-2020-35491 (High) detected in jackson-databind-2.9.10.4.jar
  - CVE-2020-35490 (High) detected in jackson-databind-2.9.4.jar
  - CVE-2020-35491 (High) detected in jackson-databind-2.9.4.jar
  - CVE-2020-35490 (High) detected in jackson-databind-2.9.10.4.jar