3 matches found
K15320518: FasterXML jackson-databind vulnerability CVE-2020-8840
Security Advisory Description In FasterXML jackson-databind 2.0.0 through 2.9.10.2, due to the lack of certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter , attackers can exploit JNDI injections to remotely execute code. FasterXML Jackson is a...
Is Your Web Application Exploitable By Log4Shell Vulnerability?
On December 09, 2021, a critical remote code execution vulnerability was identified in Apache Log4j2 after proof-of-concepts were leaked publicly, affecting Apache Log4j 2.x = 2.15.0-rc1. The vulnerability is being tracked as CVE-2021-44228 with CVSSv3 10 score and affects numerous applications...
GitHub Security Lab: CodeQL query to detect JNDI injections
This bug was reported directly to GitHub Security Lab...