891 matches found
Design/Logic Flaw
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540...
CVE-2019-16335
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540...
CVE-2019-16335
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540...
CVE-2019-16335
CVE-2019-16335 is a vulnerability in FasterXML jackson-databind (pre-2.9.10) related to polymorphic typing in the HikariDataSource path. Connected sources confirm the affected component is jackson-databind and specifically the serialization gadgets involving com.zaxxer.hikari.HikariDataSource. Im...
CVE-2019-14540
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig...
CVE-2019-14540
CVE-2019-14540 affects jackson-databind up to version 2.9.10 with serialization gadget risk involving the HikariCP classes (com.zaxxer.hikari.HikariConfig). The authoritative initial doc notes a polymorphic typing issue in jackson-databind related to HikariConfig. Connected-material references (A...
CVE-2019-14540
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig...
Security Bulletin: Multiple vulnerabilities have been identified in bundled libraries of IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2019-12086, CVE-2019-0201)
Summary FasterXML Jackson library is a dependency component shipped with the IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library and Transformer for Message Bus Integration. Information about security vulnerabilities affecting FasterXML Jackson library has been published...
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
It is an offensive tool for Java. This PoC exploit targets CVE-2...
The vulnerability of the FasterXML function in the Jackson-Databind Java library for JSON file grammar analysis allows a attacker to execute arbitrary code or cause a service failure.
The vulnerability of the FasterXML function in the Jackson-Databind Java library for JSON file grammar analysis is related to the inability to prevent the OpenJPA class from being polymorphic deserialization. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or caus...
The vulnerability of the FasterXML function in the Jackson-Databind Java library for JSON file grammar analysis allows a attacker to gain access to confidential data.
The vulnerability of the FasterXML function in the Jackson-Databind Java library for JSON file parsing involves the ability to read any local files on the server when default typing is enabled. A special jar-connector-mysql-connector-java is also available and points to classes at the final JSON...
The vulnerability of the FasterXML function in the Jackson-Databind Java library for JSON file grammar analysis allows attackers to compromise data integrity, gain access to confidential information, and cause service failures.
The vulnerability of the FasterXML function in the Jackson-Databind Java library for JSON file parsing involves a failure to prevent polymorphic deserialization of the axis2-transport-jms class. Exploiting this vulnerability could allow an attacker to compromise data integrity, gain access to...
Deserialization of untrusted data in FasterXML jackson-databind
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2, 2.8.11.4, 2.7.9.6, and 2.6.7.3. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the...
Deserialization of untrusted data in FasterXML jackson-databind
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2, 2.8.11.4, and 2.7.9.6 mishandles default typing when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup, leading to remote code execution...
CVE-2019-14439
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the classpath...
Path traversal
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the classpath...
CVE-2019-14439
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the classpath...
CVE-2019-14439
CVE-2019-14439 describes a polymorphic typing deserialization issue in FasterXML jackson-databind 2.x prior to 2.9.9.2. When Default Typing is enabled (globally or for a property) and logback is in the classpath, an externally exposed JSON endpoint may be vulnerable to unsafe deserialization. Aff...
CVE-2019-14439
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the logback jar in the classpath...
CVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup, leading to remote code execution...