
57 matches found

EUVD
added 2025/10/07 12:30 a.m.

EUVD-2021-0872

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.01001
Exploits 0 | References 7
F5 Networks
added 2023/02/21 6:55 p.m.

K65417229: Apache Struts vulnerability CVE-2017-7525

Security Advisory Description A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...

CVSS 9.8 | AI score 8.3 | EPSS 0.37925
Exploits 7
RedhatCVE
added 2021/07/17 11:47 p.m.

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes...

CVSS 9.8 | AI score 0.5 | EPSS 0.37925
Exploits 7 | References 2
CNVD
added 2021/04/27 12:00 a.m.

Vaadin flow information disclosure vulnerability

Vaadin flow is a software application. The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. An information disclosure vulnerability exists in vaadin:flow-server, which stems from an insecure configuration of the...

CVSS 6.5 | AI score 6.2 | EPSS 0.01001
Exploits 0 | References 1
NVD
added 2021/04/23 4:15 p.m.

CVE-2020-36319

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController...

CVSS 6.5 | EPSS 0.01001
Exploits 0 | References 3
OSV
added 2021/04/23 4:15 p.m.

CVE-2020-36319

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController...

CVSS 6.5 | AI score 6.6 | EPSS 0.01001
Exploits 0 | References 3
Prion
added 2021/04/23 4:15 p.m.

Default configuration

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController...

CVSS 3.5 | AI score 6.4 | EPSS 0.01001
Exploits 0 | References 3 | Affected Software 2
CVE
added 2021/04/23 4:05 p.m.

CVE-2020-36319

CVE-2020-36319 affects Vaadin flow-server (com.vaadin:flow-server) versions 3.0.0–3.0.5 (Vaadin 15.0.0–15.0.4). The root cause is an insecure configuration of the default ObjectMapper, which may disclose sensitive data if the application also uses components like @RestController. The CVE is docum...

CVSS 6.5 | AI score 5 | EPSS 0.01001
Exploits 0 | References 3 | Affected Software 2
CNNVD
added 2021/04/23 12:00 a.m.

Vaadin flow information disclosure vulnerability

Vaadin flow is a software application. The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. An information disclosure vulnerability exists in vaadin:flow-server, which stems from an insecure configuration of the...

CVSS 6.5 | AI score 5.5 | EPSS 0.01001
Exploits 0 | References 4
Veracode
added 2021/04/20 9:17 a.m.

Information Disclosure

flow-server is vulnerable to information disclosure. Insecure configuration of the default ObjectMapper discloses confidential data if the application also uses e.g. @RestController...

CVSS 6.5 | AI score 1.8 | EPSS 0.01001
Exploits 0 | References 5 | Affected Software 1
Github Security Blog
added 2021/04/19 2:52 p.m.

Potential sensitive data exposure in applications using Vaadin 15

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...

CVSS 6.5 | AI score 6.2 | EPSS 0.01001
Exploits 0 | References 6 | Affected Software 1
OSV
added 2021/04/19 2:52 p.m.

GHSA-RJWW-2X8V-M9V9 Potential sensitive data exposure in applications using Vaadin 15

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...

CVSS 3.1 | AI score 6.6 | EPSS 0.01001
Exploits 0 | References 6
OSV
added 2021/04/19 2:48 p.m.

GHSA-76F4-FW33-6J2V Potential sensitive data exposure in applications using Vaadin 15

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...

CVSS 3.1 | AI score 6.3 | EPSS 0.01001
Exploits 0 | References 3
BDU FSTEC
added 2021/03/21 12:00 a.m.

The vulnerability in the readValue method of the ObjectMapper class of the jackson-databind library arises from the possibility of reconstructing untrusted data structures in memory. It allows attackers to gain access to confidential data, compromise its integrity, and cause denial of service.

The vulnerability in the readValue method of the ObjectMapper class of the jackson-databind library is related to improper validation of input data before attempting to deserialize it. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its...

CVSS 9.8 | AI score 7 | EPSS 0.49727
Exploits 1 | References 24 | Affected Software 6
Tenable Nessus
added 2021/03/12 12:00 a.m.

JFrog < 6.1 Multiple Vulnerabilities

According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 6.1. It is, therefore, affected by multiple vulnerabilities: - A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which...

CVSS 9.8 | AI score 7.3 | EPSS 0.37925
Exploits 8 | References 3
OSV
added 2021/01/29 8:37 a.m.

SUSE-SU-2021:0243-1 Security update for jackson-databind

This update for jackson-databind fixes the following issues: jackson-databind was updated to 2.10.5.1: #2589: DOMDeserializer: setExpandEntityReferences(false) may not prevent external entity expansion in all cases (CVE-2020-25649, bsc#1177616); #2787 partial fix: NPE after add mixin for enum; #2679:...

CVSS 8.3 | AI score 7.6 | EPSS 0.17611
Exploits 0 | References 7
RedhatCVE
added 2020/12/06 11:49 a.m.

CVE-2018-7489

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...

CVSS 9.8 | AI score 1.1 | EPSS 0.37925
Exploits 7 | References 2
Vaadin
added 2020/04/21 12:00 a.m.

Potential sensitive data exposure in applications using Vaadin 15

Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController. See CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Description: The...

CVSS 6.5 | AI score 1 | EPSS 0.01001
Exploits 0 | References 3 | Affected Software 2
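The Vaadin entries above (CVE-2020-36319, GHSA-RJWW-2X8V-M9V9, GHSA-76F4-FW33-6J2V) all describe one mechanism: a library registers its own Jackson ObjectMapper as a Spring bean, Spring Boot's autoconfigured mapper backs off because it is @ConditionalOnMissingBean, and from then on every @RestController response is serialized with the library's settings rather than the application's. The following is an added example, not code from the page or from Vaadin. It assumes jackson-databind on the classpath, and because the advisory text reproduced here only says "insecure configuration" without naming the setting, it uses an opened-up field visibility as an assumed stand-in that reproduces the described effect (DTO fields with no getter being written out).

```java
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;

// Added example, not code from the page or from Vaadin. The field-visibility setting
// below is an ASSUMED stand-in for the unspecified "insecure configuration"; what it
// reproduces is the effect the advisories describe: a shared mapper that serializes
// more of a DTO than the application exposes through getters.
public class ObjectMapperExposureDemo {

    /** A typical @RestController response object. Only the getter is meant to be public. */
    public static class UserView {
        private final String username;
        private final String passwordHash;  // sensitive: deliberately no getter
        private final String apiToken;      // sensitive: deliberately no getter

        public UserView(String username, String passwordHash, String apiToken) {
            this.username = username;
            this.passwordHash = passwordHash;
            this.apiToken = apiToken;
        }

        public String getUsername() { return username; }
    }

    /** What a Spring Boot app gets when nothing overrides the autoconfigured mapper. */
    static ObjectMapper defaultMapper() {
        return new ObjectMapper();  // getters only; private fields are not auto-detected
    }

    /**
     * Assumed shape of an insecure library mapper: field visibility opened to ANY so the
     * library can (de)serialize its own internal beans. Registered as the application's
     * ObjectMapper bean, it is what @RestController responses are written with.
     */
    static ObjectMapper fieldVisibleMapper() {
        return new ObjectMapper()
            .setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
    }

    /**
     * Hardened variant: if the permissive mapper cannot be kept private to the library,
     * pin visibility back to public getters so DTO contracts are honoured again.
     */
    static ObjectMapper narrowedMapper() {
        return fieldVisibleMapper()
            .setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.NONE)
            .setVisibility(PropertyAccessor.GETTER, JsonAutoDetect.Visibility.PUBLIC_ONLY);
    }

    static String render(ObjectMapper mapper, Object dto) throws JsonProcessingException {
        return mapper.writeValueAsString(dto);
    }

    /** True when the JSON carries a property the DTO never exposed through a getter. */
    static boolean leaksSecrets(String json) {
        return json.contains("passwordHash") || json.contains("apiToken");
    }

    public static void main(String[] args) throws JsonProcessingException {
        // Constructed sample values; not real credentials.
        UserView user = new UserView("alice", "$2b$12$constructedHash", "tok_constructed");
        ObjectMapper[] mappers = { defaultMapper(), fieldVisibleMapper(), narrowedMapper() };
        for (ObjectMapper m : mappers) {
            String out = render(m, user);
            System.out.println((leaksSecrets(out) ? "LEAK " : "ok   ") + out);
        }
    }
}
```

The practical check this suggests for any Spring Boot application pulling in a UI or integration library: list the ObjectMapper beans in the context, and if one comes from a dependency rather than JacksonAutoConfiguration, confirm its visibility and feature settings before assuming REST responses only contain what the DTOs' getters expose.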
RedhatCVE
added 2020/04/09 12:20 p.m.

CVE-2018-5968

A deserialization flaw was discovered in the jackson-databind that could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaws CVE-2017-7525 and CVE-2017-17485 by...

CVSS 9.8 | AI score 3.6 | EPSS 0.49727
Exploits 7 | References 1
RedhatCVE
added 2020/04/09 7:26 a.m.

CVE-2017-17485

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisti...

CVSS 9.8 | AI score 3.6 | EPSS 0.49727
Exploits 7 | References 2
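The jackson-databind entries above (CVE-2017-7525, CVE-2017-15095, CVE-2017-17485, CVE-2018-5968, CVE-2018-7489) are one chain: each fix "blacklists more classes", and each successor is a bypass of the previous deny-list. The root cause is global default typing, which lets the JSON document name the class that readValue instantiates. The following is an added example, not code from the page or from FasterXML, F5, Red Hat or any other source listed above. It assumes jackson-databind 2.10 or later on the classpath and contrasts the unvalidated default-typing pattern with the allow-list PolymorphicTypeValidator that 2.10 introduced; the class named in the crafted input (java.net.URL) is a harmless, constructed stand-in for a gadget class, chosen only to show that the attacker picks the class, and no gadget chain is included.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

// Added example, not code from the page or from any vendor listed above.
// Assumes jackson-databind 2.10+. CRAFTED names java.net.URL purely as a harmless,
// constructed stand-in for a gadget class; no real gadget chain is included.
public class PolymorphicDeserializationDemo {

    /** Holder with an Object-typed field: exactly the shape default typing acts on. */
    public static class Envelope {
        public Object payload;
    }

    /** The one subtype the application legitimately expects in "payload". */
    public static class Greeting {
        public String text;
    }

    // Jackson's "wrapper array" type-id form: [ "fully.qualified.Class", value ].
    // The attacker supplies the class name; with a gadget on the classpath this is the
    // readValue code-execution shape described by CVE-2017-7525 and its successors.
    static final String CRAFTED =
        "{\"payload\":[\"java.net.URL\",\"http://attacker.example/\"]}";

    // Benign input naming the expected subtype.
    static final String BENIGN =
        "{\"payload\":[\"" + Greeting.class.getName() + "\",{\"text\":\"hi\"}]}";

    /** The pre-2.10 pattern: global default typing with no validator. Vulnerable. */
    @SuppressWarnings("deprecation")
    static ObjectMapper vulnerableMapper() {
        // Any class name in the JSON is resolved and instantiated; every fix in the CVE
        // chain above only added names to the deny-list this mapper consults.
        return new ObjectMapper().enableDefaultTyping();
    }

    /** The 2.10+ pattern: default typing gated by an allow-list validator. */
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
            .allowIfSubType(Greeting.class)   // only this subtype may be named in the JSON
            .build();
        return new ObjectMapper()
            .activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.OBJECT_AND_NON_CONCRETE);
    }

    /** Deserialize and report what happened, without letting any exception escape. */
    static String tryRead(ObjectMapper mapper, String json) {
        try {
            Envelope e = mapper.readValue(json, Envelope.class);
            return "instantiated " + e.payload.getClass().getName();
        } catch (InvalidTypeIdException ex) {
            // The validator denied the type id before any class was instantiated.
            return "rejected type id: " + ex.getTypeId();
        } catch (java.io.IOException ex) {
            return "parse failure: " + ex.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("vulnerable/benign : " + tryRead(vulnerableMapper(), BENIGN));
        System.out.println("vulnerable/crafted: " + tryRead(vulnerableMapper(), CRAFTED));
        System.out.println("hardened/benign   : " + tryRead(hardenedMapper(), BENIGN));
        System.out.println("hardened/crafted  : " + tryRead(hardenedMapper(), CRAFTED));
    }
}
```

The vulnerable mapper instantiates whatever class the document names unless it happens to be on the built-in deny-list, which is why each CVE in the chain is a new class that was not yet listed. The hardened mapper rejects the crafted input with an InvalidTypeIdException before any constructor runs, and it does so for every class except the one allowed, so a new gadget on the classpath does not change the outcome. The stronger option, where the data model permits it, is not to enable default typing at all and to use @JsonTypeInfo with named subtypes on the specific fields that need polymorphism.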