Fedora Update for jackson-annotations FEDORA-2019-fb23eccc03

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for jackson-databind FEDORA-2019-fb23eccc03

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 30 Update: jackson-annotations-2.9.9-1.fc30

Core annotations used for value types, used by Jackson data-binding package...

[SECURITY] Fedora 30 Update: jackson-databind-2.9.9.3-1.fc30

The general-purpose data-binding functionality and tree-model for Jackson D ata Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...

[SECURITY] Fedora 31 Update: jackson-annotations-2.9.9-1.fc31

Core annotations used for value types, used by Jackson data-binding package...

Fedora Update for jackson-annotations FEDORA-2019-df57551f6d

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2018-12022

CVE-2018-12022 affects FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (globally or for a property) and the service classpath contains the Jodd‑db jar (for Jodd DB access) with an LDAP service available, an attacker can trigger remote code executio...

[SECURITY] Fedora 29 Update: jackson-annotations-2.9.8-1.fc29

Core annotations used for value types, used by Jackson data-binding package...

[SECURITY] Fedora 29 Update: jackson-databind-2.9.8-1.fc29

The general-purpose data-binding functionality and tree-model for Jackson D ata Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

[SECURITY] Fedora 27 Update: jackson-databind-2.7.6-8.fc27

General data-binding functionality for Jackson: works on core streaming API...

[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-8.fc26

General data-binding functionality for Jackson: works on core streaming API...

Design/Logic Flaw

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...

[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-5.fc26

General data-binding functionality for Jackson: works on core streaming API...

[SECURITY] Fedora 27 Update: jackson-databind-2.7.6-5.fc27

General data-binding functionality for Jackson: works on core streaming API...

Data Binding Expression Vulnerability

spring-webflow is vulnerable to a data binding expression vulnerability. The vulnerability is caused when the MvcViewFactoryCreator useSpringBinding property is set to false by default. Therefore, applications which use the default settings are vulnerable to malicious EL expressions in view state...

[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-3.fc26

General data-binding functionality for Jackson: works on core streaming API...

[SECURITY] Fedora 25 Update: jackson-databind-2.7.6-3.fc25

General data-binding functionality for Jackson: works on core streaming API...

[SECURITY] Fedora 24 Update: jackson-databind-2.6.3-3.fc24

General data-binding functionality for Jackson: works on core streaming API...