2 matches found
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks...
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks...