891 matches found
CVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup, leading to remote code execution...
Remote code execution
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup, leading to remote code execution...
CVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup, leading to remote code execution...
CVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup, leading to remote code execution...
CVE-2019-14379
CVE-2019-14379 affects FasterXML jackson-databind prior to 2.9.9.2, where default typing mishandling when ehcache is present (via net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup) leads to remote code execution. Affected component is jackson-databind’s data-binding implementatio...
CVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup, leading to remote code execution...
Oracle Primavera Gateway Multiple Vulnerabilities (Jul 2019 CPU)
According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.16, 16.x prior to 16.2.9, 17.x prior to 17.12.4, or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities: - An unspecified...
Deserialization of untrusted data in FasterXML jackson-databind
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...
Deserialization of Untrusted Data in jackson-databind
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6...
CVE-2018-11307
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6...
Design/Logic Flaw
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6...
CVE-2018-11307
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6...
CVE-2018-11307
CVE-2018-11307 concerns a deserialization issue in FasterXML Jackson-databind from 2.0.0 to 2.9.5 that enables content exfiltration when using Jackson default typing with an iBatis gadget class. Affected: jackson-databind components in these versions. Impact: potential exposure of serialized cont...
CVE-2018-11307
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6...
CVE-2018-11307
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6...
Deserialization of Untrusted Data in FasterXML jackson-databind
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...
CVE-2019-12384
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...
CVE-2019-12384
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...
Deserialization of untrusted data
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...
CVE-2019-12384
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...