2 matches found
The vulnerability of the commons-jelly component in the Jackson-databind library of the FasterXML project allows a hacker to execute arbitrary code.
The vulnerability of the commons-jelly component in the Jackson-databind library of the FasterXML project is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code on the target system...
UBUNTU-CVE-2017-12621
During Jelly xml file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity XXE...