CVE-2021-20190

CVE-2021-20190

Vendor N/A
Product jackson-databind
Weakness CWE-502 · Unsafe deserialization
Published January 19, 2021
Last update August 27, 2025

CVSS base score

What the vulnerability does

01Description

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Key dates

02Disclosure timeline

January 19, 2021 CVE published
August 27, 2025 Record updated