
205 matches found

OSV
added 2020/03/13 3:15 p.m. | 1 view

DEBIAN-CVE-2020-1953

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML...

CVSS 10 | AI score 8.3 | EPSS 0.06684
Exploits 0 | References 1

Prion
added 2020/03/13 3:15 p.m. | 20 views

Design/Logic Flaw

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML...

CVSS 7.5 | AI score 9.4 | EPSS 0.06684
Exploits 0 | References 4 | Affected Software 3

UbuntuCve
added 2020/03/13 3:15 p.m. | 45 views

CVE-2020-1953

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML...

CVSS 10 | AI score 7.2 | EPSS 0.06684
Exploits 0 | References 4

OSV
added 2020/03/13 3:15 p.m. | 3 views

UBUNTU-CVE-2020-1953

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML...

CVSS 10 | AI score 7.3 | EPSS 0.06684
Exploits 0 | References 5

CVE
added 2020/03/13 2:58 p.m. | 226 views

CVE-2020-1953

CVE-2020-1953 affects Apache Commons Configuration, where the YAML parser’s default behavior can instantiate arbitrary classes, enabling remote code execution if a crafted YAML file is loaded from an untrusted source. The vulnerability has been described across multiple sources, including IBM adv...

CVSS 10 | AI score 9.3 | EPSS 0.06684
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2020/03/13 2:58 p.m. | 23 views

CVE-2020-1953

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML...

AI score 9.5 | EPSS 0.06684
Exploits 0 | References 4

Debian CVE
added 2020/03/13 2:58 p.m. | 24 views

CVE-2020-1953

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML...

CVSS 10 | AI score 8.7 | EPSS 0.06684
Exploits 0

RedHat Linux
added 2020/03/05 1:12 p.m. | 4 views

jackson-databind: Serialization gadgets in classes of the commons-configuration package

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.0544
Exploits 0 | References 4

NVD
added 2020/03/02 5:15 p.m. | 23 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 8.7 | EPSS 0.0544
Exploits 0 | References 6

OSV
added 2020/03/02 5:15 p.m. | 2 views

DEBIAN-CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 8.2 | EPSS 0.0544
Exploits 0 | References 1

OSV
added 2020/03/02 5:15 p.m. | 27 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 7.1 | EPSS 0.0544
Exploits 0 | References 6

UbuntuCve
added 2020/03/02 5:15 p.m. | 30 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 7.3 | EPSS 0.0544
Exploits 0 | References 4

Prion
added 2020/03/02 5:15 p.m. | 28 views

Deserialization of untrusted data

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 7.5 | AI score 8.6 | EPSS 0.0544
Exploits 0 | References 6 | Affected Software 8

OSV
added 2020/03/02 5:15 p.m. | 4 views

UBUNTU-CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 7.4 | EPSS 0.0544
Exploits 0 | References 5

CVE
added 2020/03/02 4:28 p.m. | 240 views

CVE-2019-14892

CVE-2019-14892 — In jackson-databind, polymorphic deserialization can be exploited via JNDI gadgets (commons-configuration 1/2) to achieve remote code execution. Affected: jackson-databind versions before 2.9.10, 2.8.11.5, and 2.6.7.3. Remediation: upgrade to a fixed jackson-databind release (e.g...

CVSS 9.8 | AI score 9.4 | EPSS 0.0544
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2020/03/02 4:28 p.m. | 19 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 7.5 | AI score 9.6 | EPSS 0.0544
Exploits 0 | References 6

Debian CVE
added 2020/03/02 4:28 p.m. | 33 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 8.5 | EPSS 0.0544
Exploits 0

RedHat Linux
added 2020/02/06 8:34 a.m. | 3 views

jackson-databind: Serialization gadgets in classes of the commons-configuration package

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.0544
Exploits 0 | References 4

RedHat Linux
added 2020/01/21 3:47 a.m. | 4 views

jackson-databind: Serialization gadgets in classes of the commons-configuration package

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.0544
Exploits 0 | References 4

RedHat Linux
added 2020/01/21 3:22 a.m. | 3 views

jackson-databind: Serialization gadgets in classes of the commons-configuration package

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 | AI score 7.7 | EPSS 0.0544
Exploits 0 | References 4