Lucene search
K

59 matches found

RedHat Linux
RedHat Linux
added 2019/07/16 4:21 p.m.2 views

jackson-databind: improper polymorphic deserialization of types from Jodd-db library

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

7.5CVSS8AI score0.07348EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/07/15 7:18 p.m.3 views

jackson-databind: improper polymorphic deserialization of types from Jodd-db library

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

7.5CVSS8AI score0.07348EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/05/09 6:14 p.m.4 views

jackson-databind: improper polymorphic deserialization of types from Jodd-db library

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

7.5CVSS8AI score0.07348EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/05/08 12:12 p.m.6 views

jackson-databind: improper polymorphic deserialization of types from Jodd-db library

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

7.5CVSS8AI score0.07348EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/05/08 12:9 p.m.6 views

jackson-databind: improper polymorphic deserialization of types from Jodd-db library

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

7.5CVSS8AI score0.07348EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/05/08 12:4 p.m.5 views

jackson-databind: improper polymorphic deserialization of types from Jodd-db library

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

7.5CVSS8AI score0.07348EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/04/24 6:46 p.m.4 views

jackson-databind: improper polymorphic deserialization of types from Jodd-db library

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

7.5CVSS8AI score0.07348EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/04/17 9:3 p.m.6 views

jackson-databind: improper polymorphic deserialization of types from Jodd-db library

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

7.5CVSS8AI score0.07348EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2019/03/25 6:3 p.m.37 views

jackson-databind Deserialization of Untrusted Data vulnerability

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...

7.5CVSS8.7AI score0.07348EPSS
Exploits0References40Affected Software1
OSV
OSV
added 2019/03/25 6:3 p.m.2 views

GHSA-CJJF-94FF-43W7 jackson-databind Deserialization of Untrusted Data vulnerability

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...

7.5CVSS7.2AI score0.07348EPSS
Exploits0References41
OSV
OSV
added 2019/03/21 4:0 p.m.1 views

DEBIAN-CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...

7.5CVSS9.2AI score0.07348EPSS
Exploits0References1
NVD
NVD
added 2019/03/21 4:0 p.m.17 views

CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...

7.5CVSS8.5AI score0.07348EPSS
Exploits0References36
OSV
OSV
added 2019/03/21 4:0 p.m.35 views

CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...

7.5CVSS6.8AI score
Exploits0References36
OSV
OSV
added 2019/03/21 4:0 p.m.3 views

UBUNTU-CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...

7.5CVSS7.2AI score0.07348EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2019/03/21 4:0 p.m.33 views

CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...

7.5CVSS7.2AI score0.07348EPSS
Exploits0References4
Prion
Prion
added 2019/03/21 4:0 p.m.22 views

Design/Logic Flaw

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...

5.1CVSS8.3AI score0.07348EPSS
Exploits0References36Affected Software11
Veracode
Veracode
added 2018/10/01 8:57 a.m.10 views

Arbitrary File Writes

Jodd Core is susceptible to arbitrary file writes. It is possible because it does not validate the file parameter to avoid the access to the rootDir and to write the file...

6.9AI score
Exploits0
Veracode
Veracode
added 2018/09/06 2:20 a.m.8 views

Remote Code Execution Via JSON Deserialization

jodd-json is vulnerable to remote code execution via JSON deserialization. The JSON parser supports polymorphic deserialization when setClassMetadataName is set, which allows an attacker to execute arbitrary code using a crafted JSON request...

8.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2018/05/29 12:0 a.m.7 views

PT-2018-2770 · Jackson +2 · Jackson-Databind +2

Name of the Vulnerable Software and Affected Versions: jackson-databind versions prior to 2.7.9.4 jackson-databind versions prior to 2.8.11.2 jackson-databind versions prior to 2.9.6 Description: The issue is related to the restoration of untrusted data structures in memory, potentially allowing ...

10CVSS7.8AI score0.45205EPSS
Exploits10References220
Rows per page
Query Builder