9 matches found
CVE-2018-11307
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks...
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks...
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
Jackson-Databind framework json deserialization code execution vulnerability analysis-vulnerability warning-the black bar safety net
2017/04/11, ayound reported a Jackson Databind framework json deserialization vulnerability, an attacker exploit the vulnerability in the server on the host to execute arbitrary code or system commands, obtain the web server control. Affected versions: The jackson databind 2.7.10 and 2. 8. 9 The...