Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

857 matches found

RedHat Linux
RedHat Linuxadded 2019/10/14 6:29 p.m.2 views

jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files...

5.9CVSS7.5AI score0.18064EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2019/10/14 6:29 p.m.1 views

jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the mysql gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS...

7.5CVSS7.4AI score0.15179EPSS
Exploits2References4
RedHat Linux
RedHat Linuxadded 2019/10/14 6:29 p.m.3 views

jackson-databind: default typing mishandling leading to remote code execution

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

9.8CVSS7.4AI score0.01428EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2019/10/14 6:29 p.m.3 views

jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files...

5.9CVSS7.5AI score0.18064EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2019/10/14 6:29 p.m.1 views

jackson-databind: default typing mishandling leading to remote code execution

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

9.8CVSS7.4AI score0.01428EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2019/10/14 6:29 p.m.2 views

jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the mysql gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS...

7.5CVSS7.4AI score0.15179EPSS
Exploits2References4
Veracode
Veracodeadded 2019/10/14 5:13 a.m.27 views

Remote Code Execution (RCE)

FasterXML jackson-databind is vulnerable to remote code execution RCE. A polymorphic typing issue allows a remote attacker to execute arbitrary code through the JNDI service due to unsafe deserialization of objects related to the apache-log4j-extra classpath...

9.8CVSS5.7AI score0.0119EPSS
Exploits0References24Affected Software4
NVD
NVDadded 2019/10/12 9:15 p.m.17 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

9.8CVSS9.4AI score0.0119EPSS
Exploits0References19
OSV
OSVadded 2019/10/12 9:15 p.m.26 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

9.8CVSS9.4AI score
Exploits0References19
OSV
OSVadded 2019/10/12 9:15 p.m.1 views

DEBIAN-CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

9.8CVSS8.2AI score0.0119EPSS
Exploits0References1
Prion
Prionadded 2019/10/12 9:15 p.m.22 views

Design/Logic Flaw

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

6.8CVSS9.2AI score0.0119EPSS
Exploits0References19Affected Software20
OSV
OSVadded 2019/10/12 9:15 p.m.0 views

UBUNTU-CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

9.8CVSS7.2AI score0.0119EPSS
Exploits0References6
Cvelist
Cvelistadded 2019/10/12 8:7 p.m.23 views

CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

9.4AI score0.0119EPSS
Exploits0References19
CVE
CVEadded 2019/10/12 8:7 p.m.388 views

CVE-2019-17531

CVE-2019-17531 affects FasterXML jackson-databind 2.0.0–2.9.10; when Default Typing is enabled for an externally exposed JSON endpoint and apache-log4j-extra 1.2.x is on the classpath, an attacker capable of providing a JNDI service can trigger remote code execution. Connected documents corrobora...

9.8CVSS9.2AI score0.0119EPSS
Exploits0References19Affected Software1
RedHat Linux
RedHat Linuxadded 2019/10/10 12:49 p.m.2 views

jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.7AI score0.03461EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2019/10/10 12:49 p.m.2 views

jackson-databind: arbitrary code execution in slf4j-ext class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.7AI score0.14515EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2019/10/10 12:49 p.m.0 views

jackson-databind: improper polymorphic deserialization in openjpa class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.7AI score0.02435EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2019/10/10 12:49 p.m.1 views

jackson-databind: improper polymorphic deserialization in axis2-transport-jms class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.7AI score0.06658EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2019/10/10 12:49 p.m.1 views

jackson-databind: improper polymorphic deserialization in jboss-common-core class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.7AI score0.04124EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2019/10/10 12:49 p.m.1 views

jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

7.5CVSS8AI score0.04812EPSS
Exploits0References4
Rows per page
Query Builder