Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2021/07/18 12:18 a.m.41 views

CVE-2019-14379

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

9.8CVSS1.7AI score0.08045EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/03/26 3:46 p.m.9 views

jackson-databind: Polymorphic typing issue related to logback/JNDI

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

7.5CVSS7.4AI score0.10763EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/08/13 12:0 a.m.41 views

Debian DLA-1879-1 : jackson-databind security update

Deserialization flaws were discovered in jackson-databind relating to EHCache and logback/jndi, which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For Debian 8...

9.8CVSS7.8AI score0.10763EPSS
Exploits0References4
Debian
Debian
added 2019/08/12 10:19 p.m.87 views

[SECURITY] [DLA 1879-1] jackson-databind security update

Package : jackson-databind Version : 2.4.2-2+deb8u8 CVE ID : CVE-2019-14379 CVE-2019-14439 Debian Bug : 933393 Deserialization flaws were discovered in jackson-databind relating to EHCache and logback/jndi, which could allow an unauthenticated user to perform remote code execution. The issue was...

9.8CVSS7.1AI score0.10763EPSS
Exploits0
Rows per page
Query Builder