Lucene search
K

8 matches found

RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.8 views

jackson-databind: default typing mishandling leading to remote code execution

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

9.8CVSS7.4AI score0.08045EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/06/15 4:18 p.m.10 views

jackson-databind: exfiltration/XXE in some JDK classes

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the slf4j, flex messaging, sun DRSHelper and JAX-WS gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS7.4AI score0.07524EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/28 3:58 p.m.7 views

jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the log4j-extra gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7.4AI score0.05329EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/26 4:9 p.m.9 views

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7AI score0.10676EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/03/26 3:46 p.m.11 views

jackson-databind: default typing mishandling leading to remote code execution

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

9.8CVSS7.4AI score0.08045EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/01/21 2:57 a.m.6 views

jackson-databind: Serialization gadgets in classes of the xalan package

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7.4AI score0.03958EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/10/01 7:10 a.m.11 views

jackson-databind: default typing mishandling leading to remote code execution

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

9.8CVSS7.4AI score0.08045EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/09/12 12:28 p.m.5 views

jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

5.9CVSS7.8AI score0.45205EPSS
Exploits2References4
Rows per page
Query Builder