Article - CS375428
Security vulnerabilities reported for Jackson-databind in Windchill PDMLink
Modified: 25-Mar-2025
Applies To
- Windchill PDMLink 11.0 to 12.1
Description
- Security vulnerabilities reported for Jackson-databind in Windchill PDMLink
- Jackson-databind Remote Code Execution Vulnerability (CVE-2020-8840) Threat Alert
- Unsafe Deserialization in jackson-databind (CVE-2020-24750)
- Security vulnerability details:
  - CVE-2020-8840 - FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
  - CVE-2020-24750 - FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.