29 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-17531
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
Oracle Linux 8 : pki-core:10.6 / and / pki-deps:10.6 (ELSA-2020-1644)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1644 advisory. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a...
K32562850: jackson-databind vulnerabilities CVE-2019-16943 and CVE-2019-17531
Security Advisory Description CVE-2019-16943 A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in t...
SUSE CVE-2019-17531
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...
OESA-2022-1782 jackson-databind security update
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration. Security Fixes: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through...
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
CVE-2019-17531
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
Security Bulletin: Multiple vulnerabilities in FasterXML Jackson-databind affect IBM Spectrum Protect Plus (CVE-2019-16943, CVE-2019-16942, CVE-2019-17531, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14379, CVE-2019-14439)
Summary There are multiple security vulnerabilities in FasterXML Jackson-databind that affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-16943 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is...
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind polymorphic typing issue
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in...
GHSA-GJMW-VF9H-G25V jackson-databind polymorphic typing issue
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in...