Arbitrary Code Execution in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7, 2.8.11.3, and 2.7.9.5 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization...

GHSA-X2W5-5M2G-7H5M XML External Entity Reference (XXE) in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization...

XML External Entity Reference (XXE) in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization...

Server-Side Request Forgery (SSRF) in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

GHSA-9MXF-G3X6-WV74 Server-Side Request Forgery (SSRF) in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization...

GHSA-MX9V-GMH4-MGQW Deserialization of Untrusted Data in jackson-databind

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization...

Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization...

GHSA-F9HV-MG5H-XCW9 Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization...

GHSA-645P-88QH-W398 Arbitrary Code Execution in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7, 2.8.11.3, 2.7.9.5, and 2.6.7.3 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization...

Arbitrary Code Execution in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7, 2.8.11.3, 2.7.9.5, and 2.6.7.3 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization...

Remote Code Execution (RCE)

jackson-databind is vulnerable to remote code execution. The application does not block the jboss-common-core class from polymorphic deserialization, which would allow a remote attacker to leverage this vulnerability to execute arbitrary code...

Remote Code Execution (RCE)

jackson-databind is vulnerable to remote code execution. The application does not block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization, which would allow a remote attacker to leverage this vulnerability to execute arbitrary code. This vulnerability is due to an...

FasterXML jackson-databind arbitrary code execution vulnerability (CNVD-2019-15941)

FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . Jackson-databind is one of the components with data binding capabilities . An arbitrary code execution vulnerability exists in FasterXML Jackson-databind version 2.x prior to 2.9.7. The vulnerability stems from the...

Deserialization of untrusted data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization...

CVE-2018-14719

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization...

CVE-2018-19362

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization...

Deserialization of untrusted data

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization...

Deserialization of untrusted data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization...

CVE-2018-19362

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization...