Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

SUSE CVE
SUSE CVEadded 2023/02/15 4:38 a.m.4 views

SUSE CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw...

9.8CVSS8.2AI score0.07891EPSS
Exploits2References7
RedHat Linux
RedHat Linuxadded 2020/03/26 3:46 p.m.2 views

jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

5.9CVSS7.8AI score0.51266EPSS
Exploits2References4
OSV
OSVadded 2018/10/16 5:21 p.m.1 views

GHSA-QXXX-2PP7-5HMX jackson-databind is vulnerable to a deserialization flaw

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8CVSS7.3AI score0.82379EPSS
Exploits7References66
RedHat Linux
RedHat Linuxadded 2018/03/12 5:4 p.m.0 views

jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes...

9.8CVSS7.6AI score0.82379EPSS
Exploits7References5
RedHat Linux
RedHat Linuxadded 2018/03/12 4:37 p.m.1 views

jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisti...

9.8CVSS7.6AI score0.84949EPSS
Exploits3References5
RedHat Linux
RedHat Linuxadded 2018/02/12 5:19 p.m.1 views

jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

9.8CVSS7.6AI score0.82379EPSS
Exploits7References4
Rows per page
Query Builder