{"vulnerability": "GHSA-RPR3-CW39-3PXH", "sightings": [{"uuid": "96e981f5-ad99-4a22-b532-defe38a301e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-RPR3-CW39-3PXH", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11647", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2020-10650\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T16:22:00.404Z\n\ud83d\udd17 References:\n1. https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\n2. https://www.oracle.com/security-alerts/cpujan2021.html\n3. https://github.com/advisories/GHSA-rpr3-cw39-3pxh\n4. https://www.oracle.com/security-alerts/cpuoct2022.html\n5. https://github.com/FasterXML/jackson-databind/issues/2658\n6. https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef\n7. https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html\n8. https://security.netapp.com/advisory/ntap-20230818-0007/", "creation_timestamp": "2025-04-14T16:53:43.000000Z"}]}