2 matches found
RHEL 7 : rh-maven35-jackson-databind (RHSA-2019:0782)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0782 advisory. The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API...
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...