Lucene search
K

396 matches found

NVD
NVD
added 2020/03/02 9:15 p.m.21 views

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS8.8AI score0.03958EPSS
Exploits0References8
OSV
OSV
added 2020/03/02 9:15 p.m.3 views

DEBIAN-CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS8AI score0.03958EPSS
Exploits0References1
OSV
OSV
added 2020/03/02 9:15 p.m.25 views

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS7.2AI score0.03958EPSS
Exploits0References8
Prion
Prion
added 2020/03/02 9:15 p.m.23 views

Deserialization of untrusted data

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

7.5CVSS8.7AI score0.03958EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2020/03/02 9:15 p.m.3 views

UBUNTU-CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS7.2AI score0.03958EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/03/02 9:15 p.m.35 views

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS7.2AI score0.03958EPSS
Exploits0References3
CVE
CVE
added 2020/03/02 8:11 p.m.386 views

CVE-2019-14893

CVE-2019-14893 affects FasterXML jackson-databind up to versions before 2.9.10 and 2.10.0, enabling unsafe polymorphic deserialization via enableDefaultTyping or JsonTypeInfo Id.CLASS/Id.MINIMAL_CLASS, potentially leading to remote code execution when deserializing from unsafe sources. Root cause...

9.8CVSS9.5AI score0.03958EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2020/03/02 8:11 p.m.26 views

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

7.5CVSS9.6AI score0.03958EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2020/03/02 8:11 p.m.40 views

CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS9.2AI score0.03958EPSS
Exploits0
NVD
NVD
added 2020/03/02 5:15 p.m.24 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS8.7AI score0.0544EPSS
Exploits0References6
OSV
OSV
added 2020/03/02 5:15 p.m.28 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.1AI score0.0544EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2020/03/02 5:15 p.m.30 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.3AI score0.0544EPSS
Exploits0References4
OSV
OSV
added 2020/03/02 5:15 p.m.6 views

UBUNTU-CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.4AI score0.0544EPSS
Exploits0References5
Prion
Prion
added 2020/03/02 5:15 p.m.29 views

Deserialization of untrusted data

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

7.5CVSS8.6AI score0.0544EPSS
Exploits0References6Affected Software8
Cvelist
Cvelist
added 2020/03/02 4:28 p.m.20 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

7.5CVSS9.6AI score0.0544EPSS
Exploits0References6
CVE
CVE
added 2020/03/02 4:28 p.m.248 views

CVE-2019-14892

CVE-2019-14892 — In jackson-databind, polymorphic deserialization can be exploited via JNDI gadgets (commons-configuration 1/2) to achieve remote code execution. Affected: jackson-databind versions before 2.9.10, 2.8.11.5, and 2.6.7.3. Remediation: upgrade to a fixed jackson-databind release (e.g...

9.8CVSS9.4AI score0.0544EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2020/03/02 4:28 p.m.33 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS8.5AI score0.0544EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/03/02 12:0 a.m.9 views

PT-2020-4105

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions prior to 2.9.10 and 2.10.0 Description: A flaw in FasterXML jackson-databind allows polymorphic deserialization of malicious objects using the xalan JNDI gadget when used with polymorphic type handling...

10CVSS7.1AI score0.03958EPSS
Exploits0References24
RedHat Linux
RedHat Linux
added 2020/02/06 8:34 a.m.4 views

jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7.4AI score0.05329EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/02/06 8:34 a.m.4 views

jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7.4AI score0.05681EPSS
Exploits0References4
Rows per page
Query Builder