CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2022/05/14 11:39 a.m.•51 views

CVE-2019-20330

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. Mitigation The following conditions are needed for an exploit, we recommend avoiding all if possible: Deserialization from sources you do not control enableDefaultTyping @JsonTypeInfo using id.CLASS or...

9.8CVSS3.1AI score0.01914EPSS

RedhatCVE•added 2022/05/14 11:32 a.m.•49 views

CVE-2020-11619

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, we...

8.1CVSS2.2AI score0.01367EPSS

RedhatCVE•added 2021/07/18 12:18 a.m.•37 views

CVE-2019-14379

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

9.8CVSS1.7AI score0.01467EPSS

RedhatCVE•added 2021/01/18 9:15 a.m.•34 views

CVE-2021-20190

A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, w...

8.3CVSS1.9AI score0.00502EPSS

RedhatCVE•added 2021/01/07 8:15 p.m.•30 views

CVE-2020-36189

8.1CVSS1.9AI score0.04276EPSS

RedhatCVE•added 2021/01/07 8:15 p.m.•42 views

CVE-2020-36187

8.1CVSS1.9AI score0.02335EPSS

RedhatCVE•added 2021/01/07 8:14 p.m.•50 views

CVE-2020-36184

8.8CVSS1.9AI score0.07471EPSS

RedhatCVE•added 2021/01/07 8:14 p.m.•49 views

CVE-2020-36183

8.1CVSS1.9AI score0.02241EPSS

RedhatCVE•added 2021/01/07 8:14 p.m.•38 views

CVE-2020-36182

8.8CVSS1.9AI score0.0295EPSS

Exploits2References4

RedhatCVE•added 2021/01/07 8:14 p.m.•40 views

CVE-2020-36188

8.1CVSS1.9AI score0.10179EPSS

RedhatCVE•added 2021/01/07 7:41 p.m.•30 views

CVE-2020-36180

8.8CVSS1.9AI score0.03194EPSS

Exploits2References4

RedhatCVE•added 2020/08/26 1:38 p.m.•30 views

CVE-2020-24616

A flaw was found in FasterXML jackson-databind 2.x in versions prior to 2.9.10.6. The interaction between serialization gadgets and typing are mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following...

8.1CVSS2.8AI score0.02908EPSS

Exploits1References3

RedhatCVE•added 2020/06/19 12:25 p.m.•44 views

CVE-2020-14060

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...

6.8CVSS3.2AI score0.08934EPSS

RedhatCVE•added 2020/06/19 11:56 a.m.•38 views

CVE-2020-14195

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation Th...

6.8CVSS2.8AI score0.09286EPSS

Github Security Blog•added 2020/05/15 6:59 p.m.•149 views

Polymorphic deserialization of malicious object in jackson-databind

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS2.6AI score0.00983EPSS

Exploits0References11Affected Software1

RedhatCVE•added 2020/04/09 12:16 p.m.•29 views

CVE-2018-14720

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. Mitigation The following conditions are needed for an exploit, we recommend avoiding all if possibl...

9.8CVSS5AI score0.03437EPSS

Exploits0References2

RedhatCVE•added 2020/04/09 7:34 a.m.•26 views

CVE-2020-11112

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...

8.8CVSS3.6AI score0.06772EPSS

RedhatCVE•added 2020/04/06 3:5 p.m.•30 views

CVE-2020-11113

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...

8.8CVSS3.6AI score0.60714EPSS

RedhatCVE•added 2020/04/06 2:35 p.m.•27 views

CVE-2020-11111

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...

8.8CVSS3.6AI score0.02082EPSS