Lucene search
K

396 matches found

RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.8 views

jackson-databind: default typing mishandling leading to remote code execution

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

9.8CVSS7.4AI score0.08045EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.10 views

jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

5.9CVSS7.8AI score0.45205EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.31 views

RHEL 8 : opendaylight (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jackson-databind: Serialization gadgets in classes of the ehcache package CVE-2019-17267 - A flaw was...

9.8CVSS8.9AI score0.17611EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.37 views

RHEL 7 : rh-maven35-jackson-databind (RHSA-2019:0782)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0782 advisory. The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API...

10CVSS8.4AI score0.12679EPSS
Exploits0References22
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/20 5:43 a.m.50 views

Security Bulletin: IBM B2B Advanced Communications is vulnerable to multiple issues due to FasterXML jackson-databind

Summary IBM B2B Advanced Communications has addressed vulnerabilities in jackson-databind shipped with product. Vulnerability Details CVEID:CVE-2018-14719 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the failure to block...

10CVSS9AI score0.26587EPSS
Exploits5Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.7 views

SUSE CVE-2018-14721

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

10CVSS8.8AI score0.10458EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.7 views

SUSE CVE-2018-19362

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization...

9.8CVSS8.9AI score0.10599EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.9 views

SUSE CVE-2018-19360

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization...

9.8CVSS8.9AI score0.10599EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.3 views

SUSE CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS8.7AI score0.0544EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.6 views

SUSE CVE-2019-14893

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

9.8CVSS8.8AI score0.03958EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/01/13 6:38 a.m.110 views

CVE-2018-14718

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS4AI score0.15087EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2021/08/22 1:11 p.m.51 views

CVE-2019-12384

A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

8.1CVSS1AI score0.45205EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2021/08/22 1:6 p.m.32 views

CVE-2018-19361

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code...

9.8CVSS4.1AI score0.10599EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2021/08/01 4:20 a.m.195 views

CVE-2018-14721

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

10CVSS5.5AI score0.10458EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2021/07/18 12:18 a.m.41 views

CVE-2019-14379

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

9.8CVSS1.7AI score0.08045EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/07/17 11:47 p.m.472 views

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes...

9.8CVSS0.5AI score0.37925EPSS
Exploits7References2
RedhatCVE
RedhatCVE
added 2021/06/13 6:35 a.m.41 views

CVE-2018-14719

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS3.9AI score0.09682EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/16 3:32 p.m.51 views

Security Bulletin: Multiple vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis

Summary There are vulnerabilities in various versions of FasterXML jackson-databind that affect Apache Solr. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID: CVE-2018-14718 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute...

10CVSS1AI score0.45205EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/02 3:42 p.m.28 views

Security Bulletin: Android Mobile SDK compile builder includes vulnerable components

Summary A third party JSON parser that Android Mobile SDK uses include vulnerable components. The JSON parser is included in the compile builder provided to customers to compile their Mobile SDK manifest. It is not included within customer apps. Vulnerability Details CVEID: CVE-2018-7489...

9.8CVSS1.6AI score0.20135EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/08/25 12:0 a.m.233 views

Debian DLA-2342-1 : libjackson-json-java security update

Several vulnerabilities were fixed in libjackson-json-java, a Java JSON processor. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization. CVE-2019-10172 XML external entity vulnerabilities. For Debian 9 stretch, these...

9.8CVSS7.5AI score0.37925EPSS
Exploits7References5
Rows per page
Query Builder