CVE-2020-35728

Published: Dic 27, 2020 Last Modified: Ago 27, 2025
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM 6,8
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,4232
Percentile
1,0th
Updated

EPSS Score Trend (Last 91 Days)

502

Deserialization of Untrusted Data

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Other
Potential Impacts:
Modify Application Data Unexpected State Dos: Resource Consumption (Cpu) Varies By Context
Applicable Platforms
Languages: Java, JavaScript, PHP, Python, Ruby
Technologies: AI/ML, ICS/OT, Not Technology-Specific
Likelihood of Exploit: Medium
View CWE Details
Application

Communications Services Gatekeeper by Oracle

Product Information
Vendor Oracle
Product Communications Services Gatekeeper
Version 7.0
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Xstore Point Of Service by Oracle

Product Information
Vendor Oracle
Product Retail Xstore Point Of Service
Version 19.0.2
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version Range Affected
From 17.7 (inclusive)
To 17.12 (inclusive)
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Corporate Lending Process Management by Oracle

Product Information
Vendor Oracle
Product Banking Corporate Lending Process Management
Version 14.3
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Insurance Policy Administration by Oracle

Product Information
Vendor Oracle
Product Insurance Policy Administration
Version 11.0.2
cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Virtual Account Management by Oracle

Product Information
Vendor Oracle
Product Banking Virtual Account Management
Version 14.5.0
cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version Range Affected
From 18.8 (inclusive)
To 19.12 (inclusive)
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Supply Chain Finance by Oracle

Product Information
Vendor Oracle
Product Banking Supply Chain Finance
Version 14.2
cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Insurance Policy Administration by Oracle

Product Information
Vendor Oracle
Product Insurance Policy Administration
Version Range Affected
From 11.1.0 (inclusive)
To 11.3.0 (inclusive)
cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Commerce Platform by Oracle

Product Information
Vendor Oracle
Product Commerce Platform
Version 11.2.0
cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Network Charging And Control by Oracle

Product Information
Vendor Oracle
Product Communications Network Charging And Control
Version 12.0.4.0.0
cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Blockchain Platform by Oracle

Product Information
Vendor Oracle
Product Blockchain Platform
Version Range Affected
To 21.1.2 (inclusive)
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Credit Facilities Process Management by Oracle

Product Information
Vendor Oracle
Product Banking Credit Facilities Process Management
Version 14.5
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Diameter Signaling Route by Oracle

Product Information
Vendor Oracle
Product Communications Diameter Signaling Route
Version Range Affected
From 8.0.0.0 (inclusive)
To 8.5.0.0 (inclusive)
cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version 20.12
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Gateway by Oracle

Product Information
Vendor Oracle
Product Primavera Gateway
Version Range Affected
From 19.12.0 (inclusive)
To 19.12.10 (inclusive)
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Service Backbone by Oracle

Product Information
Vendor Oracle
Product Retail Service Backbone
Version 15.0.3.1
cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Convergent Charging Controller by Oracle

Product Information
Vendor Oracle
Product Communications Convergent Charging Controller
Version 12.0.4.0.0
cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Policy by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Policy
Version 1.14.0
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Supply Chain Finance by Oracle

Product Information
Vendor Oracle
Product Banking Supply Chain Finance
Version 14.5
cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Xstore Point Of Service by Oracle

Product Information
Vendor Oracle
Product Retail Xstore Point Of Service
Version 18.0.3
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Xstore Point Of Service by Oracle

Product Information
Vendor Oracle
Product Retail Xstore Point Of Service
Version 16.0.6
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Gateway by Oracle

Product Information
Vendor Oracle
Product Primavera Gateway
Version 20.12.0
cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jd Edwards Enterpriseone Tools by Oracle

Product Information
Vendor Oracle
Product Jd Edwards Enterpriseone Tools
Version Range Affected
To 9.2.5.3 (exclusive)
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Autovue by Oracle

Product Information
Vendor Oracle
Product Autovue
Version 21.0.2
cpe:2.3:a:oracle:autovue:21.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Element Manager by Oracle

Product Information
Vendor Oracle
Product Communications Element Manager
Version Range Affected
From 8.2.0.0 (inclusive)
To 8.2.4.0 (inclusive)
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Policy Management by Oracle

Product Information
Vendor Oracle
Product Communications Policy Management
Version 12.5.0
cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Gateway by Oracle

Product Information
Vendor Oracle
Product Primavera Gateway
Version Range Affected
From 18.8.0 (inclusive)
To 18.8.11 (inclusive)
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Corporate Lending Process Management by Oracle

Product Information
Vendor Oracle
Product Banking Corporate Lending Process Management
Version 14.2
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Webcenter Portal by Oracle

Product Information
Vendor Oracle
Product Webcenter Portal
Version 12.2.1.4.0
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Insurance Rules Palette by Oracle

Product Information
Vendor Oracle
Product Insurance Rules Palette
Version Range Affected
From 11.1.0 (inclusive)
To 11.3.0 (inclusive)
cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Extensibility Workbench by Oracle

Product Information
Vendor Oracle
Product Banking Extensibility Workbench
Version 14.5
cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Corporate Lending Process Management by Oracle

Product Information
Vendor Oracle
Product Banking Corporate Lending Process Management
Version 14.5
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Service Level Manager by Netapp

Product Information
Vendor Netapp
Product Service Level Manager
Version -
cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Service Backbone by Oracle

Product Information
Vendor Oracle
Product Retail Service Backbone
Version 16.0.3.0
cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Billing And Revenue Management by Oracle

Product Information
Vendor Oracle
Product Communications Billing And Revenue Management
Version 7.5.0.23.0
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Credit Facilities Process Management by Oracle

Product Information
Vendor Oracle
Product Banking Credit Facilities Process Management
Version 14.3
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Gateway by Oracle

Product Information
Vendor Oracle
Product Primavera Gateway
Version Range Affected
From 17.12.0 (inclusive)
To 17.12.11 (inclusive)
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Supply Chain Finance by Oracle

Product Information
Vendor Oracle
Product Banking Supply Chain Finance
Version 14.3
cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Evolved Communications Application Server by Oracle

Product Information
Vendor Oracle
Product Communications Evolved Communications Application Server
Version 7.1
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Data Integrator by Oracle

Product Information
Vendor Oracle
Product Data Integrator
Version 12.2.1.4.0
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jd Edwards Enterpriseone Orchestrator by Oracle

Product Information
Vendor Oracle
Product Jd Edwards Enterpriseone Orchestrator
Version Range Affected
To 9.2.5.3 (exclusive)
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Application Testing Suite by Oracle

Product Information
Vendor Oracle
Product Application Testing Suite
Version 13.3.0.1
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Unified Inventory Management by Oracle

Product Information
Vendor Oracle
Product Communications Unified Inventory Management
Version 7.4.1
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Unified Data Repository by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Unified Data Repository
Version 1.4.0
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Treasury Management by Oracle

Product Information
Vendor Oracle
Product Banking Treasury Management
Version 14.4
cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Extensibility Workbench by Oracle

Product Information
Vendor Oracle
Product Banking Extensibility Workbench
Version 14.3
cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Customer Management And Segmentation Foundation by Oracle

Product Information
Vendor Oracle
Product Retail Customer Management And Segmentation Foundation
Version Range Affected
From 16.0 (inclusive)
To 19.0 (inclusive)
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Agile Plm by Oracle

Product Information
Vendor Oracle
Product Agile Plm
Version 9.3.6
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Extensibility Workbench by Oracle

Product Information
Vendor Oracle
Product Banking Extensibility Workbench
Version 14.2
cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Virtual Account Management by Oracle

Product Information
Vendor Oracle
Product Banking Virtual Account Management
Version 14.2.0
cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Webcenter Portal by Oracle

Product Information
Vendor Oracle
Product Webcenter Portal
Version 12.2.1.3.0
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Virtual Account Management by Oracle

Product Information
Vendor Oracle
Product Banking Virtual Account Management
Version 14.3.0
cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jackson-Databind by Fasterxml

Product Information
Vendor Fasterxml
Product Jackson-Databind
Version Range Affected
From 2.9.0 (inclusive)
To 2.9.10.8 (exclusive)
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Xstore Point Of Service by Oracle

Product Information
Vendor Oracle
Product Retail Xstore Point Of Service
Version 17.0.4
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Billing And Revenue Management by Oracle

Product Information
Vendor Oracle
Product Communications Billing And Revenue Management
Version 12.0.0.3.0
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Service Backbone by Oracle

Product Information
Vendor Oracle
Product Retail Service Backbone
Version 14.1.3.2
cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Goldengate Application Adapters by Oracle

Product Information
Vendor Oracle
Product Goldengate Application Adapters
Version 19.1.0.0.0
cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Merchandising System by Oracle

Product Information
Vendor Oracle
Product Retail Merchandising System
Version 15.0.3
cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Commerce Platform by Oracle

Product Information
Vendor Oracle
Product Commerce Platform
Version Range Affected
From 11.3.0 (inclusive)
To 11.3.2 (inclusive)
cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Insurance Rules Palette by Oracle

Product Information
Vendor Oracle
Product Insurance Rules Palette
Version 11.0.2
cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Session Route Manager by Oracle

Product Information
Vendor Oracle
Product Communications Session Route Manager
Version Range Affected
From 8.2.0.0 (inclusive)
To 8.2.2.1 (inclusive)
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Banking Credit Facilities Process Management by Oracle

Product Information
Vendor Oracle
Product Banking Credit Facilities Process Management
Version 14.2
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Session Report Manager by Oracle

Product Information
Vendor Oracle
Product Communications Session Report Manager
Version Range Affected
From 8.0.0.0 (inclusive)
To 8.2.2.1 (inclusive)
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/FasterXML/jackson-databind/issues/2999
https://github.com/FasterXML/jackson-databind/issues/2999
https://lists.debian.org/debian-lts-announce/2021/04/msg000…
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-pan…
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-…
https://security.netapp.com/advisory/ntap-20210129-0007/
https://security.netapp.com/advisory/ntap-20210129-0007/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://github.com/FasterXML/jackson-databind/issues/2999
https://github.com/FasterXML/jackson-databind/issues/2999
https://lists.debian.org/debian-lts-announce/2021/04/msg000…
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-pan…
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-…
https://security.netapp.com/advisory/ntap-20210129-0007/
https://security.netapp.com/advisory/ntap-20210129-0007/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html