jackson-databind: improper polymorphic deserialization in openjpa class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code...

jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

jackson-databind: improper polymorphic deserialization in axis2-transport-jms class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code...

jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Oracle JDBC classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

jackson-databind: improper polymorphic deserialization in openjpa class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code...

jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code...

jackson-databind: improper polymorphic deserialization in jboss-common-core class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code...

jackson-databind: improper polymorphic deserialization in axis2-transport-jms class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code...

jackson-databind: arbitrary code execution in slf4j-ext class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...

CVE-2019-12384

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...

CVE-2019-12384

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...

Deserialization of untrusted data

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...

CVE-2019-12384

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...

CVE-2019-12384

CVE-2019-12384 affects FasterXML jackson-databind 2.x (pre-2.9.9.1) where failure to block logback-core in polymorphic deserialization can enable remote code execution depending on classpath contents. The Connected IBM documents corroborate broader jet deserialization gadget vulnerabilities in ja...

CVE-2019-12384

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible...

Debian DLA-1831-1 : jackson-databind security update

More Polymorphic Typing issues were discovered in jackson-databind. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x or logback-core jar in the classpath, an attacker can send a specifically craft...

Debian: Security Advisory (DLA-1831-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-12814

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...

CVE-2019-12814

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...

UBUNTU-CVE-2019-12814

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specificall...