Lucene search
K

10 matches found

Github Security Blog
Github Security Blog
added 2021/12/09 7:15 p.m.58 views

Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration...

8.1CVSS8.7AI score0.07268EPSS
Exploits1References14Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/09 7:15 p.m.29 views

Serialization gadgets exploit in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...

8.1CVSS8.6AI score0.09477EPSS
Exploits1References13Affected Software1
Debian CVE
Debian CVE
added 2020/12/27 4:32 a.m.42 views

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl...

8.1CVSS8.6AI score0.12504EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2020/12/17 7:15 p.m.29 views

CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...

8.1CVSS6.9AI score0.09477EPSS
Exploits1References4
OSV
OSV
added 2020/08/25 6:15 p.m.24 views

CVE-2020-24616

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...

8.1CVSS6.5AI score
Exploits0References10
Cvelist
Cvelist
added 2020/04/07 10:14 p.m.30 views

CVE-2020-11620

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded aka commons-jelly...

8.7AI score0.05594EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2020/03/31 4:37 a.m.31 views

CVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider aka apache/commons-proxy...

8.8CVSS8.7AI score0.03583EPSS
Exploits0
Debian CVE
Debian CVE
added 2020/03/18 9:17 p.m.31 views

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef aka caucho-quercus...

8.8CVSS8.4AI score0.07963EPSS
Exploits0
NVD
NVD
added 2020/03/02 4:15 a.m.37 views

CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

9.8CVSS9.3AI score0.18345EPSS
Exploits0References16
Cvelist
Cvelist
added 2020/03/02 3:58 a.m.31 views

CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

9.3AI score0.18345EPSS
Exploits0References16
Rows per page
Query Builder