4 matches found
GHSA-FQWF-PJWF-7VQV jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...
GHSA-4W82-R329-3Q67 Deserialization of Untrusted Data in jackson-databind
FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter...
Deserialization of Untrusted Data in jackson-databind
FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain net.sf.ehcache blocking...
PT-2020-5463 · Fasterxml +7 · Jackson-Databind +7
Name of the Vulnerable Software and Affected Versions:
FasterXML jackson-databind versions 2.0.0 through 2.9.10.3
FasterXML jackson-databind versions 2.6.0 through 2.6.7.3
Description: The issue is related to the interaction between serialization gadgets and typing, specifically with...