jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

jackson-databind: Serialization gadgets in javax.swing.JEditorPane

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality...

jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

jackson-databind: Serialization gadgets in ibatis-sqlmap

A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

RUSTSEC-2020-0017 Use after free in ArcIntern::drop

ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory. This was fixed by serializing access to an interned object while it is being deallocated. Versions prior to 0.3.12 used stronger locking which...

CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox 76...

CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox 76...

Security feature bypass

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox 76...

CVE-2020-12390

CVE-2020-12390 affects Firefox versions prior to 76. The root cause is incorrect origin serialization of URLs containing IPv6 addresses, which could cause security checks to be bypassed or misjudged. The vulnerability is documented in Mozilla advisory mfsa2020-16 and related bug reports, with pub...

CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox 76...

CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox 76...

CVE-2020-12390

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox 76...

jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

jackson-databind: Serialization gadgets in commons-jelly:commons-jelly

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

jackson-databind: Serialization gadgets in org.springframework:spring-aop

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Important: Red Hat Security Advisory: rh-maven35-jackson-databind security update

An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of pla...

OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Important: Red Hat Security Advisory: java-1.7.1-ibm security update

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...