Lucene search
K

891 matches found

Cvelist
Cvelist
added 2018/01/22 4:0 a.m.37 views

CVE-2018-5968

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist...

9.8AI score0.06962EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2018/01/22 4:0 a.m.69 views

CVE-2018-5968

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist...

8.1CVSS9.1AI score0.06962EPSS
Exploits0
NVD
NVD
added 2018/01/10 6:29 p.m.34 views

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS9.5AI score0.49727EPSS
Exploits1References24
OSV
OSV
added 2018/01/10 6:29 p.m.33 views

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS10AI score
Exploits0References24
Prion
Prion
added 2018/01/10 6:29 p.m.35 views

Design/Logic Flaw

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

7.5CVSS9.4AI score0.49727EPSS
Exploits7References24Affected Software5
UbuntuCve
UbuntuCve
added 2018/01/10 6:29 p.m.56 views

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS7.5AI score0.49727EPSS
Exploits1References2
CVE
CVE
added 2018/01/10 6:0 p.m.298 views

CVE-2017-17485

CVE-2017-17485 affects FasterXML jackson-databind: a deserialization flaw that enables unauthenticated remote code execution via readValue when the blacklist is bypassed if Spring libraries are on the classpath. The initial description specifies impact for jackson-databind up to 2.8.10 and 2.9.x ...

9.8CVSS9.5AI score0.49727EPSS
Exploits1References24Affected Software1
Cvelist
Cvelist
added 2018/01/10 6:0 p.m.49 views

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.6AI score0.49727EPSS
Exploits1References24
Debian CVE
Debian CVE
added 2018/01/10 6:0 p.m.69 views

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS9AI score0.49727EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2017/11/01 12:0 a.m.14 views

PT-2020-6701

Name of the Vulnerable Software and Affected Versions FasterXML Jackson Databind affected versions not specified Description A flaw in FasterXML Jackson Databind allows vulnerability to XML external entity XXE attacks due to improper entity expansion security. The highest threat from this issue i...

7.8CVSS6.8AI score0.17611EPSS
Exploits0References221
CNVD
CNVD
added 2017/08/01 12:0 a.m.4 views

FasterXML Jackson-databind Remote Code Execution Vulnerability

FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . Jackson-databind is one of the components with data binding capabilities . A remote code execution vulnerability exists in FasterXML Jackson-databind. An attacker could exploit this vulnerability to execute arbitrary...

9.8CVSS8.5AI score0.37925EPSS
Exploits7References1
Rows per page
Query Builder