396 matches found

RedHat Linux
added 2020/07/30 8:22 p.m. | 5 views

jackson-databind: lacks certain net.sf.ehcache blocking

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLA...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0864
Exploits: 0 | References: 4

RedHat Linux
added 2020/07/29 6:21 a.m. | 5 views

jackson-databind: lacks certain net.sf.ehcache blocking

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLA...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0864
Exploits: 0 | References: 4

RedHat Linux
added 2020/07/29 6:6 a.m. | 5 views

jackson-databind: lacks certain net.sf.ehcache blocking

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLA...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0864
Exploits: 0 | References: 4

RedHat Linux
added 2020/07/28 3:54 p.m. | 5 views

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

CVSS: 9.8 | AI score: 7 | EPSS: 0.04918
Exploits: 0 | References: 4

RedHat Linux
added 2020/07/28 3:54 p.m. | 3 views

jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.05329
Exploits: 0 | References: 4

RedHat Linux
added 2020/07/28 3:54 p.m. | 3 views

jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.05681
Exploits: 0 | References: 4

RedHat Linux
added 2020/07/28 3:54 p.m. | 3 views

jackson-databind: Serialization gadgets in classes of the xalan package

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.03958
Exploits: 0 | References: 4

RedHat Linux
added 2020/07/28 3:54 p.m. | 7 views

jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the p6spy gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.04861
Exploits: 0 | References: 4

RedHat Linux
added 2020/07/28 3:54 p.m. | 6 views

jackson-databind: lacks certain net.sf.ehcache blocking

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLA...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0864
Exploits: 0 | References: 4

RedHat Linux
added 2020/07/28 3:54 p.m. | 7 views

jackson-databind: Serialization gadgets in classes of the ehcache package

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLA...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.0459
Exploits: 0 | References: 4

RedHat Linux
added 2020/07/28 3:54 p.m. | 4 views

jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the mysql gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.21949
Exploits: 2 | References: 4

RedHat Linux
added 2020/07/28 3:54 p.m. | 3 views

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

CVSS: 9.8 | AI score: 7 | EPSS: 0.10676
Exploits: 1 | References: 4

RedHat Linux
added 2020/07/28 3:54 p.m. | 3 views

jackson-databind: Serialization gadgets in classes of the commons-configuration package

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.0544
Exploits: 0 | References: 4

Veracode
added 2020/07/16 6:42 a.m. | 92 views

Remote Code Execution (RCE)

system.data.common is vulnerable to remote code execution (RCE). The vulnerability exists as it allows unrestricted polymorphic deserialization in DataSet without proper validation...

CVSS: 7.8 | AI score: 4.4 | EPSS: 0.94243
Exploits: 10 | References: 9 | Affected Software: 1

RedHat Linux
added 2020/06/15 4:18 p.m. | 7 views

jackson-databind: exfiltration/XXE in some JDK classes

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the slf4j, flex messaging, sun DRSHelper and JAX-WS gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.07524
Exploits: 0 | References: 4

RedHat Linux
added 2020/06/15 4:18 p.m. | 4 views

jackson-databind: arbitrary code execution in slf4j-ext class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.12679
Exploits: 0 | References: 4

RedHat Linux
added 2020/06/15 4:18 p.m. | 5 views

jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

CVSS: 10 | AI score: 7.4 | EPSS: 0.10458
Exploits: 0 | References: 4

RedHat Linux
added 2020/06/15 4:18 p.m. | 5 views

jackson-databind: improper polymorphic deserialization in jboss-common-core class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.10599
Exploits: 0 | References: 4

RedHat Linux
added 2020/06/15 4:18 p.m. | 5 views

jackson-databind: improper polymorphic deserialization in axis2-transport-jms class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.10599
Exploits: 0 | References: 4

RedHat Linux
added 2020/06/15 4:18 p.m. | 3 views

jackson-databind: improper polymorphic deserialization in openjpa class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.10599
Exploits: 0 | References: 4