85 matches found
Security Bulletin: Multiple Vulnerabilities of Jackson-Mapper-asl have affected APM Linux KVM Agent
Summary APM Linux KVM Agent is vulnerable to Jackson-mapper-asl vulnerabilities described in CVE-2019-10202 and CVE-2019-10172. The fix includes jackson-mapper-asl-1.9.13.jar upgraded to jackson-databind-2.14.0.jar Vulnerability Details CVEID:CVE-2019-10202 DESCRIPTION: Red Hat JBoss Enterprise...
codehaus-plexus: XML External Entity (XXE) Injection
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtilwriteComment fails to sanitize comments for a -- sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection...
codehaus-plexus: Directory Traversal
A flaw was found in codeplex-codehaus. A directory traversal attack also known as path traversal aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash ../" sequences and their variations or by using absolute file paths, it may be possib...
K39573629: jackson-mapper-asl vulnerability CVE-2019-10172
Security Advisory Description A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. CVE-2019-10172 Impact There is no impact; F5 products a...
SUSE CVE-2022-4244
A flaw was found in codeplex-codehaus. A directory traversal attack also known as path traversal aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash ../" sequences and their variations or by using absolute file paths, it may be possib...
SUSE CVE-2022-4245
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtilwriteComment fails to sanitize comments for a -- sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection...
CVE-2022-4245
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtilwriteComment fails to sanitize comments for a -- sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection...
CVE-2022-4244
A flaw was found in codeplex-codehaus. A directory traversal attack also known as path traversal aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash ../" sequences and their variations or by using absolute file paths, it may be possib...
codehaus-plexus 代码问题漏洞
codehaus-plexus is codehaus-plexus open source a collection of various utility classes . It can easily handle strings, files, command lines, XML, and more. codehaus-plexus has a security vulnerability that stems from XML External Entity XXE injection...
codehaus-plexus 路径遍历漏洞
codehaus-plexus is codehaus-plexus open source a collection of various utility classes . It can easily handle strings, files, command line, XML, etc. A path traversal vulnerability exists in codehaus-plexus that stems from directory traversal...
PT-2022-7267 · Atlassian · Bamboo Server +1
Name of the Vulnerable Software and Affected Versions: codeplex-codehaus affected versions not specified Bamboo Data Center and Server versions 9.2.1 through 9.2.7 Description: A flaw was found in codeplex-codehaus, allowing a directory traversal attack to access files and directories stored...
GHSA-C27H-MCMW-48HV Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...
Deserialization of Untrusted Data in Groovy
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized...
PT-2022-7272 · Unknown · Codehaus-Plexus
Name of the Vulnerable Software and Affected Versions: codehaus-plexus affected versions not specified Description: A flaw was found in codehaus-plexus, where the org.codehaus.plexus.util.xml.XmlWriterUtilwriteComment function fails to sanitize comments for a -- sequence. This issue means that te...
codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...
Improper Restriction of XML External Entity Reference in jackson-mapper-asl
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes...
CVE-2019-10172
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes...
CVE-2019-10172
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes...
Xxe
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes...