891 matches found
CVE-2020-35490
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource...
CVE-2020-35490
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource...
CVE-2020-35491
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...
CVE-2020-35490
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource...
CVE-2020-35491
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...
Design/Logic Flaw
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource...
CVE-2020-35490
CVE-2020-35490 : jackson-databind 2.x before 2.9.10.8 is affected. The issue arises from mishandling the interaction between serialization gadgets and typing, related to PerUserPoolDataSource in org.apache.commons.dbcp2. Root cause: polymorphic deserialization/gadget chaining leads to potential c...
CVE-2020-35490
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource...
CVE-2020-35490
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource...
CVE-2020-35491
CVE-2020-35491 affects FasterXML jackson-databind 2.x prior to 2.9.10.8, tied to deserialization gadget typing interactions via org.apache.commons.dbcp2.datasources.SharedPoolDataSource. Connected docs corroborate an extensive Jackson deserialization issue set with high impact, but the provided m...
CVE-2020-35491
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...
CVE-2020-35491
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...
JFrog < 7.11.1 Multiple Vulnerabilities
According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.11.1. It is, therefore, affected by multiple vulnerabilities: - A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This...
FasterXML jackson-databind suffers from a command execution vulnerability (CNVD-2020-75242)
FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . jackson-databind is one of the components with data binding capabilities . A command execution vulnerability exists in FasterXML jackson-databind. An attacker can exploit this vulnerability to execute arbitrary command...
FasterXML jackson-databind suffers from a command execution vulnerability (CNVD-2020-75243)
FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . jackson-databind is one of the components with data binding capabilities . A command execution vulnerability exists in FasterXML jackson-databind, which can be exploited by an attacker to execute arbitrary commands...
Security Bulletin: jackson-databind vulnerability CVE-2020-24750 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to V4.0
Summary Jackson-databind vulnerability CVE-2020-24750 impacts IBM Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint versions prior to 4.0.0. The fix for this set of vulnerabilities was delivered in IBM Aspera High-Speed Transfer Server V4.0.0 and IBM Aspera High-Speed...
Security Bulletin: Potential vulnerability with FasterXML jackson-databind
Summary A potential vulnerability has been identified related to FasterXML jackson-databind. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-24616 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caus...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of FasterXML jackson-databind. Vulnerability Details CVEID: CVE-2020-24750 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe...
CVE-2018-7489
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity XXE attacks. The highest threat from this vulnerability is data integrity...