CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2022/05/14 11:39 a.m.•54 views

CVE-2019-20330

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. Mitigation The following conditions are needed for an exploit, we recommend avoiding all if possible: Deserialization from sources you do not control enableDefaultTyping @JsonTypeInfo using id.CLASS or...

9.8CVSS3.1AI score0.0864EPSS

RedhatCVE•added 2022/05/14 11:32 a.m.•52 views

CVE-2020-11619

A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, we...

8.1CVSS2.2AI score0.03607EPSS

RedhatCVE•added 2021/07/18 12:18 a.m.•40 views

CVE-2019-14379

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

9.8CVSS1.7AI score0.08045EPSS

RedhatCVE•added 2021/01/18 9:15 a.m.•37 views

CVE-2021-20190

A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, w...

8.3CVSS1.9AI score0.07483EPSS

RedhatCVE•added 2021/01/07 8:15 p.m.•35 views

CVE-2020-36189

8.1CVSS1.9AI score0.04912EPSS

RedhatCVE•added 2021/01/07 8:15 p.m.•47 views

CVE-2020-36187

8.1CVSS1.9AI score0.05195EPSS

RedhatCVE•added 2021/01/07 8:14 p.m.•55 views

CVE-2020-36184

8.8CVSS1.9AI score0.10379EPSS

RedhatCVE•added 2021/01/07 8:14 p.m.•52 views

CVE-2020-36183

8.1CVSS1.9AI score0.0489EPSS

RedhatCVE•added 2021/01/07 8:14 p.m.•41 views

CVE-2020-36182

8.8CVSS1.9AI score0.05018EPSS

Exploits2References4

RedhatCVE•added 2021/01/07 8:14 p.m.•48 views

CVE-2020-36188

8.1CVSS1.9AI score0.10911EPSS

RedhatCVE•added 2021/01/07 7:41 p.m.•38 views

CVE-2020-36180

8.8CVSS1.9AI score0.05041EPSS

Exploits2References4

RedhatCVE•added 2020/08/26 1:38 p.m.•35 views

CVE-2020-24616

A flaw was found in FasterXML jackson-databind 2.x in versions prior to 2.9.10.6. The interaction between serialization gadgets and typing are mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following...

8.1CVSS2.8AI score0.09346EPSS

Exploits1References3

RedhatCVE•added 2020/06/19 12:25 p.m.•49 views

CVE-2020-14060

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...

6.8CVSS3.2AI score0.08607EPSS

RedhatCVE•added 2020/06/19 11:56 a.m.•42 views

CVE-2020-14195

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation Th...

6.8CVSS2.8AI score0.04511EPSS

Github Security Blog•added 2020/05/15 6:59 p.m.•154 views

Polymorphic deserialization of malicious object in jackson-databind

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS2.6AI score0.03958EPSS

Exploits0References11Affected Software1

RedhatCVE•added 2020/04/09 12:16 p.m.•32 views

CVE-2018-14720

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. Mitigation The following conditions are needed for an exploit, we recommend avoiding all if possibl...

9.8CVSS5AI score0.07524EPSS

Exploits0References2

RedhatCVE•added 2020/04/09 7:34 a.m.•29 views

CVE-2020-11112

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...

8.8CVSS3.6AI score0.03583EPSS

RedhatCVE•added 2020/04/06 3:5 p.m.•37 views

CVE-2020-11113

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...

8.8CVSS3.6AI score0.06278EPSS

RedhatCVE•added 2020/04/06 2:35 p.m.•34 views

CVE-2020-11111

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...

8.8CVSS3.6AI score0.03489EPSS