2 matches found
About Jackson frameworks exist in Java deserialization code execution vulnerability security Bulletin-vulnerability warning-the black bar safety net
Security Bulletin number: CNTA-2017-0030 Recently, the national information security vulnerabilities sharing platform CNVD)included CNVD white hat(ID: ayound)sent to the Jackson framework enableDefaultTyping method of deserialization vulnerability CNVD-2017-04483 it. An attacker could exploit the...
Jackson Framework enableDefaultTyping method deserialization vulnerability
Jackson is an open source java serialization and deserialization tools , you can serialize java objects into xml and json format strings or two kinds of files deserialized into the corresponding object . Jackson framework enableDefaultTyping method there is a Java deserialization code execution...