Lucene search
+L

4 matches found

vulnersOsv
vulnersOsv
added 2022/05/24 5:20 p.m.4 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (=5.1.0), ca.uhn.hapi.fhir:hapi-fhir-cli-jpaserver (=5.1.0) +152 more potentially affected by CVE-2020-5411 via org.springframework.batch:spring-batch-core (>=4.0.0.RELEASE <=4.2.2.RELEASE)

org.springframework.batch:spring-batch-core MAVEN version =4.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =4.2.0, =4.2.0, =3.0.0, =2020.08.001 and more Source cves: CVE-2020-5411 Source advisory: OSV:GHSA-4PH4-Q9R5-6WM6...

8.1CVSS7.2AI score0.01856EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/07/31 7:43 p.m.44 views

CVE-2020-5411

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

6.8CVSS3AI score0.01856EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/06/11 5:0 p.m.54 views

CVE-2020-5411 Jackson Configuration Allows Code Execution with Unknown "Serialization Gadgets"

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

8.3AI score0.01856EPSS
Exploits0References1
CVE
CVE
added 2020/06/11 5:0 p.m.80 views

CVE-2020-5411

CVE-2020-5411 affects VMware Spring Batch (and IBM DRM aggregations) where Jackson default typing enables deserialization of untrusted data, potentially allowing arbitrary code execution if a malicious actor can write to the JobRepository data store. Connected advisories confirm the root cause: u...

8.1CVSS8.2AI score0.01856EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder