59 matches found
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...
jackson-databind Deserialization of Untrusted Data vulnerability
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...
GHSA-CJJF-94FF-43W7 jackson-databind Deserialization of Untrusted Data vulnerability
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...
DEBIAN-CVE-2018-12022
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...
CVE-2018-12022
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...
CVE-2018-12022
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...
UBUNTU-CVE-2018-12022
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...
CVE-2018-12022
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...
Design/Logic Flaw
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...
Arbitrary File Writes
Jodd Core is susceptible to arbitrary file writes. It is possible because it does not validate the file parameter to avoid the access to the rootDir and to write the file...
Remote Code Execution Via JSON Deserialization
jodd-json is vulnerable to remote code execution via JSON deserialization. The JSON parser supports polymorphic deserialization when setClassMetadataName is set, which allows an attacker to execute arbitrary code using a crafted JSON request...
PT-2018-2770 · Jackson +2 · Jackson-Databind +2
Name of the Vulnerable Software and Affected Versions: jackson-databind versions prior to 2.7.9.4 jackson-databind versions prior to 2.8.11.2 jackson-databind versions prior to 2.9.6 Description: The issue is related to the restoration of untrusted data structures in memory, potentially allowing ...