Lucene search
+L

7 matches found

Github Security Blog
Github Security Blog
added 2020/05/15 6:58 p.m.121 views

jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider aka bus-proxy...

8.8CVSS3.5AI score0.03538EPSS
Exploits0References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/04/20 12:0 a.m.58 views

Debian DLA-2179-1 : jackson-databind security update

Following CVEs were reported against the jackson-databind source package : CVE-2020-10968 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider aka bus-proxy. CVE-2020-10969...

8.8CVSS8AI score0.06278EPSS
Exploits0References9
Veracode
Veracode
added 2020/03/27 9:1 a.m.39 views

Remote Code Execution (RCE)

FasterXML jackson-databind is vulnerable to deserialization of untrusted data. There is a polymorphic typing issue because there are more than one association gadget types related to org.aoju.bus.proxy.provider.remoting.RmiProvider aka bus-proxy implementation by default...

8.8CVSS4.2AI score0.03538EPSS
Exploits0References10Affected Software246
NVD
NVD
added 2020/03/26 1:15 p.m.36 views

CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider aka bus-proxy...

8.8CVSS9AI score0.03538EPSS
Exploits0References8
OSV
OSV
added 2020/03/26 1:15 p.m.40 views

CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider aka bus-proxy...

8.8CVSS6.5AI score
Exploits0References8
Prion
Prion
added 2020/03/26 1:15 p.m.28 views

Open redirect

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider aka bus-proxy...

6.8CVSS8.9AI score0.03538EPSS
Exploits0References8Affected Software30
Cvelist
Cvelist
added 2020/03/26 12:43 p.m.29 views

CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider aka bus-proxy...

9AI score0.03538EPSS
Exploits0References8
Rows per page
Query Builder