Lucene search
K

396 matches found

Debian CVE
Debian CVE
added 2019/01/02 6:0 p.m.34 views

CVE-2018-14718

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization...

9.8CVSS9.4AI score0.12679EPSS
Exploits0
Debian CVE
Debian CVE
added 2019/01/02 6:0 p.m.32 views

CVE-2018-19360

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization...

9.8CVSS10AI score0.10599EPSS
Exploits0
Debian CVE
Debian CVE
added 2019/01/02 6:0 p.m.34 views

CVE-2018-19361

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization...

9.8CVSS10AI score0.10599EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2019/01/02 12:0 a.m.8 views

PT-2019-1735

Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.x before 2.9.7 FasterXML jackson-databind version 2.8.11.3 and earlier FasterXML jackson-databind version 2.7.9.5 and earlier FasterXML jackson-databind version 2.6.7.3 and earlier Description The issue is...

10CVSS7.1AI score0.12679EPSS
Exploits0References116
RedHat Linux
RedHat Linux
added 2018/10/17 7:28 p.m.7 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2018/10/17 1:3 p.m.4 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
Veracode
Veracode
added 2018/09/06 2:20 a.m.8 views

Remote Code Execution Via JSON Deserialization

jodd-json is vulnerable to remote code execution via JSON deserialization. The JSON parser supports polymorphic deserialization when setClassMetadataName is set, which allows an attacker to execute arbitrary code using a crafted JSON request...

8.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2018/08/17 12:0 a.m.9 views

PT-2018-2765

Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.0.0 through 2.9.6 FasterXML jackson-databind versions 2.8.0 through 2.8.11.2 FasterXML jackson-databind versions 2.7.0 through 2.7.9.4 Description The issue is caused by the lack of protection of the...

10CVSS7.1AI score0.09682EPSS
Exploits0References106
RedHat Linux
RedHat Linux
added 2018/06/28 7:27 a.m.4 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2018/06/27 3:3 p.m.6 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2018/06/27 3:3 p.m.7 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2018/06/27 2:35 p.m.4 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2018/05/14 8:51 p.m.5 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2018/05/14 8:36 p.m.10 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2018/05/14 8:36 p.m.3 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2018/05/14 8:15 p.m.3 views

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

9.8CVSS7.3AI score0.37925EPSS
Exploits7References5
Rows per page
Query Builder