47 matches found
Astra Linux - vulnerability in libjackson-json-java
A deserialization flaw was discovered in the Jackson-Databind library in versions prior to 2.8.10 and 2.9.1. This flaw could allow an unauthenticated user to execute arbitrary code by sending maliciously crafted input to the readValue method of the ObjectMapper class. This issue extends the...
Astra Linux - vulnerability in libjackson-json-java
A deserialization flaw was discovered in the Jackson-Databind library, in versions prior to 2.6.7.1, 2.7.9.1, and 2.8.9. This flaw could allow an unauthenticated user to execute arbitrary code by sending maliciously crafted input to the readValue method of the ObjectMapper...
EUVD-2025-20245
Malicious code in bioql PyPI...
Mescius ActiveReports.NET code issue vulnerability
Mescius ActiveReports.NET is a .NET reporting tool from Mescius Japan. A code issue vulnerability exists in Mescius ActiveReports.NET that stems from the ReadValue method not properly validating user-supplied data, which could lead to deserialization attacks and remote code execution...
SUSE CVE-2017-7525
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...
SUSE CVE-2017-15095
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw...
CVE-2017-15095
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes...
CVE-2018-5968
A deserialization flaw was discovered in the jackson-databind that could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaws CVE-2017-7525 and CVE-2017-17485 by...
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the mysql gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS...
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisti...
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisti...
GHSA-RFX6-VP9G-RH7V jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...
GHSA-H592-38CM-4GGP jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution
jackson-databind in versions prior to 2.8.11 and 2.9.4 contains a deserialization flaw which allows an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525, blacklisting...
GHSA-CGGJ-FVV3-CQWV FasterXML jackson-databind allows unauthenticated remote code execution
FasterXML jackson-databind before 2.6.7.5, 2.7.x before 2.7.9.3, 2.8.x before 2.8.11.1, and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input...
jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
A deserialization flaw was discovered in the jackson-databind that could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaws CVE-2017-7525 and CVE-2017-17485 by...
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes...
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisti...
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisti...
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes...
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisti...