3 matches found
SUSE CVE-2019-14892
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...
CVE-2019-14892
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...
PT-2019-5806 · Apache +2 · Commons-Configuration +2
Name of the Vulnerable Software and Affected Versions: jackson-databind versions prior to 2.9.10 jackson-databind versions prior to 2.8.11.5 jackson-databind versions prior to 2.6.7.3 Description: The issue is related to the restoration of untrusted data in memory, which can allow a remote attack...