4 matches found

Github Security Blog
added 2026/06/23 9:24 p.m., 7 views

jackson-databind has @JsonView bypass for setterless creator properties

Summary: In BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular property-buffering branch performed no prop.visibleInView(activeView) check. A change making SetterlessProperty.isMerging return true routed setterless...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00237
Exploits: 0 | References: 6 | Affected Software: 2
CNVD
added 2016/12/19 12:0 a.m., 3 views

IBM Tivoli Storage Productivity Center Security Bypass Vulnerability

IBM Tivoli Storage Productivity Center is a suite of storage resource management software from IBM in the United States. A security vulnerability exists in IBM Tivoli Storage Productivity Center versions 5.2.0 through 5.2.7.1. An attacker could exploit the vulnerability to change restricted...

CVSS: 3.5 | AI score: 6.7 | EPSS: 0.00491
Exploits: 0 | References: 1
PyPA
added 2008/03/24 10:44 p.m., 6 views

PYSEC-2008-10

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods...

CVSS: 6.4 | AI score: 6.9 | EPSS: 0.01743
Exploits: 0 | References: 15 | Affected Software: 1
Prion
added 2008/03/24 10:44 p.m., 14 views

Design/Logic Flaw

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods...

CVSS: 6.4 | AI score: 6.8 | EPSS: 0.01743
Exploits: 0 | References: 14 | Affected Software: 1