3 matches found
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...
PT-2019-5300
Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.0.0 through 2.9.10.1 FasterXML jackson-databind versions 2.6.0 through 2.6.7.3 FasterXML jackson-databind versions 2.7.0 through 2.7.9.6 FasterXML jackson-databind versions 2.8.0 through 2.8.11.4 Descripti...