3 matches found
Deserialization of untrusted data
An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to an allow-list, thus allowing an attacker to achieve code execution via a malicious deserialization...
Unsafe Deserialization
jackson-databind is vulnerable to arbitrary code execution via unsafe deserrialization. Lack of object validation before deserialization allows an attacker to execute arbitrary code using polymorphic deserialization of a malicious gadget type...
CVE-2019-1860 Cisco Unified Intelligence Center Remote File Injection Vulnerability
A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a users browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget...