4 matches found
ca.uhn.hapi.fhir:hapi-fhir-cli-api (=5.1.0), ca.uhn.hapi.fhir:hapi-fhir-cli-jpaserver (=5.1.0) +152 more potentially affected by CVE-2020-5411 via org.springframework.batch:spring-batch-core (>=4.0.0.RELEASE <=4.2.2.RELEASE)
org.springframework.batch:spring-batch-core MAVEN version =4.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =4.2.0, =4.2.0, =3.0.0, =2020.08.001 and more Source cves: CVE-2020-5411 Source advisory: OSV:GHSA-4PH4-Q9R5-6WM6...
CVE-2020-5411
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...
CVE-2020-5411 Jackson Configuration Allows Code Execution with Unknown "Serialization Gadgets"
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...
CVE-2020-5411
CVE-2020-5411 affects VMware Spring Batch (and IBM DRM aggregations) where Jackson default typing enables deserialization of untrusted data, potentially allowing arbitrary code execution if a malicious actor can write to the JobRepository data store. Connected advisories confirm the root cause: u...