
4 matches found

GitHub Security Blog
added 2022/05/24 5:20 p.m., 19 views

Deserialization of Untrusted Data in Spring Batch

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

CVSS 8.1, AI score 8.3, EPSS 0.00805
Exploits 0, References 3, Affected Software 1

NVD
added 2020/06/11 5:15 p.m., 11 views

CVE-2020-5411

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

CVSS 8.1, EPSS 0.00805
Exploits 0, References 1

Prion
added 2020/06/11 5:15 p.m., 14 views

Deserialization of untrusted data

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

CVSS 6.8, AI score 8.2, EPSS 0.00805
Exploits 0, References 1, Affected Software 1

Veracode
added 2019/01/15 9:18 a.m., 42 views

Remote Code Execution Through Deserialization Attack

Apache ActiveMQ Artemis is vulnerable to deserialization attacks. The JMS specification outlines a getObject method on the javax.jms.ObjectMessage class. The Apache Artemis implementation of this method allows the deserialization of objects from untrusted sources. There are several places where...

CVSS 7.2, AI score 8.6, EPSS 0.0136
Exploits 0, References 29, Affected Software 197