CVE-2020-35490

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource...

CVE-2020-35491

CVE-2020-35491 affects FasterXML jackson-databind 2.x prior to 2.9.10.8, tied to deserialization gadget typing interactions via org.apache.commons.dbcp2.datasources.SharedPoolDataSource. Connected docs corroborate an extensive Jackson deserialization issue set with high impact, but the provided m...

CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...

CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...

jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

jackson-databind: Serialization gadgets in commons-jelly:commons-jelly

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

jackson-databind: Serialization gadgets in org.springframework:spring-aop

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

FasterXML jackson-databind code issue vulnerability

FasterXML jackson-databind is a JAVA-based library that can convert data formats such as XML and JSON to JAVA objects. jackson-databind can easily convert Java objects to json objects and xml documents, and likewise convert json, xml to Java objects. A code issue vulnerability exists in versions...

PT-2020-6950 · Fasterxml +3 · Jackson-Databind +3

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.8 Description: The issue is related to the interaction between serialization gadgets and typing, which can lead to the exploitation of the vulnerability. This may allow a remote attacker t...

Medium: java-1.8.0-openjdk

Issue Overview: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with networ...

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executin...

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

Server side request forgery (ssrf)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

CVE-2020-26258 Server-Side Forgery Request can be activated unmarshalling with XStream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...