205 matches found
jackson-databind: Serialization gadgets in classes of the commons-configuration package
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...
Remote Code Execution
jackson-databind is vulnerable to remote code execution. The application does not block the commons-configuration and commons-configuration2 classes during deserialization, which would allow a remote attacker to leverage the vulnerability to execute arbitrary code...
PT-2019-5806 · Apache +2 · Commons-Configuration +2
Name of the Vulnerable Software and Affected Versions: jackson-databind versions prior to 2.9.10; jackson-databind versions prior to 2.8.11.5; jackson-databind versions prior to 2.6.7.3. Description: The issue is related to the restoration of untrusted data in memory, which can allow a remote attack...
commons-configuration