Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2021/12/09 7:16 p.m.44 views

Unsafe Deserialization in jackson-databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

8.1CVSS8.6AI score0.05195EPSS
Exploits1References13Affected Software1
NVD
NVD
added 2021/01/06 11:15 p.m.19 views

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

8.1CVSS8.7AI score0.05195EPSS
Exploits1References10
OSV
OSV
added 2021/01/06 11:15 p.m.25 views

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

8.1CVSS7.1AI score
Exploits0References10
UbuntuCve
UbuntuCve
added 2021/01/06 11:15 p.m.32 views

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

8.1CVSS6.9AI score0.05195EPSS
Exploits1References3
Prion
Prion
added 2021/01/06 11:15 p.m.20 views

Design/Logic Flaw

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

6.8CVSS8.6AI score0.05195EPSS
Exploits1References10Affected Software43
Debian CVE
Debian CVE
added 2021/01/06 10:29 p.m.24 views

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

8.1CVSS8.1AI score0.05195EPSS
Exploits1
Cvelist
Cvelist
added 2021/01/06 10:29 p.m.28 views

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...

8.7AI score0.05195EPSS
Exploits1References10
Rows per page
Query Builder