PT-2021-3164 · Qos.Ch +3 · Logback +3

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.8 FasterXML jackson-databind versions 2.6.x before 2.6.7.5 Description: The issue is related to the interaction between serialization gadgets and typing, specifically with the...

PT-2021-3159 · Fasterxml +3 · Jackson-Databind +3

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.8 Description: The issue is related to the interaction between serialization gadgets and typing, specifically with the org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource...

CVE-2019-7725

includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk...

Code injection

includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk...

CVE-2019-7725

includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk...

CVE-2019-7725

The CVE refers to NukeViet before 4.3.04, where includes/core/is_user.php deserializes the untrusted nvloginhash cookie, relying on PHP serialization instead of JSON. This constitutes a deserialization vulnerability that can lead to remote impact, with CVSS metrics indicating high severity (NVD: ...

PT-2020-6448 · Pypi +1 · Flask-Caching +1

Name of the Vulnerable Software and Affected Versions: Flask-Caching versions through 1.10.1 Description: The Flask-Caching extension relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage, they can...

CVE-2020-35728

A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, w...

struct2json buffer overflow vulnerability

struct2json is an open source C structure and JSON fast intertransfer library , you can quickly achieve structure objects and JSON objects between serialization and deserialization requirements. A buffer overflow vulnerability exists in versions of struct2json prior to 2020-11-18. Currently there...

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

DEBIAN-CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

Code injection

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

UBUNTU-CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

CVE-2020-35728

CVE-2020-35728 affects FasterXML jackson-databind 2.x prior to 2.9.10.8, where improper interaction between serialization gadgets and typing (related to embedded Xalan/JNDIConnectionPool) is described. The IBM bulletin (CVE list) confirms this vulnerability and its description, but does not provi...

FasterXML jackson-databind Code Issue Vulnerability

FasterXML jackson-databind is a JAVA based library that can convert data formats such as XML and JSON to JAVA objects. jackson-databind can easily convert Java objects to json objects and xml documents, and likewise convert json, xml to Java objects. A code issue vulnerability exists in FasterXML...