CVE-2020-11113 PoC — FasterXML jackson-databind代码问题漏洞

Source

https://github.com/Al1ex/CVE-2020-11113

Associated Vulnerability

Title:FasterXML jackson-databind代码问题漏洞 (CVE-2020-11113)
Description:FasterXML jackson-databind是一个基于JAVA可以将XML和JSON等数据格式与JAVA对象进行转换的库。Jackson可以轻松的将Java对象转换成json对象和xml文档，同样也可以将json、xml转换成Java对象。 FasterXML jackson-databind 2.9.10.4之前的2.x 版本中存在代码问题漏洞。目前尚无此漏洞的相关信息，请随时关注CNNVD或厂商公告。

Description

CVE-2020-11113:Jackson-databind RCE

Readme

# CVE-2020-11113
CVE-2020-11113:Jackson-databind RCE

File Snapshot


 [4.0K]  /data/pocs/b43f0e5151c2b82e8e724bd21b2dd75687f65db7
├── [  81]  JacksonTest.iml
├── [3.5K]  pom.xml
├── [  53]  README.md
├── [4.0K]  src
│   ├── [4.0K]  main
│   │   └── [4.0K]  java
│   │       └── [4.0K]  com
│   │           └── [4.0K]  jacksonTest
│   │               ├── [ 191]  App.java
│   │               └── [ 615]  Poc.java
│   └── [4.0K]  test
│       └── [4.0K]  java
│           └── [4.0K]  com
│               └── [4.0K]  jacksonTest
│                   └── [ 307]  AppTest.java
└── [4.0K]  target
    ├── [4.0K]  classes
    │   └── [4.0K]  com
    │       └── [4.0K]  jacksonTest
    │           ├── [ 545]  App.class
    │           └── [1.1K]  Poc.class
    └── [4.0K]  test-classes
        └── [4.0K]  com
            └── [4.0K]  jacksonTest
                └── [ 477]  AppTest.class

16 directories, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!