13 matches found
Exploit for Deserialization of Untrusted Data in Sernet Verinice
CVE-2021-36981 Verinice.Pro 1.22.1 Unsafe Java deserialization...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...