26 matches found
UBUNTU-CVE-2020-35491
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...
FasterXML jackson-databind code issue vulnerability
FasterXML jackson-databind is a JAVA-based library that can convert data formats such as XML and JSON to JAVA objects. jackson-databind can easily convert Java objects to json objects and xml documents, and likewise convert json, xml to Java objects. A code issue vulnerability exists in versions...
PT-2020-6950 · Fasterxml +3 · Jackson-Databind +3
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.8 Description: The issue is related to the interaction between serialization gadgets and typing, which can lead to the exploitation of the vulnerability. This may allow a remote attacker t...
The vulnerability of the SharedPoolDataSource and PerUserPoolDataSource components of the Jackson-databind library in the FasterXML project allows a malicious actor to gain unauthorized access to information or cause service failures.
The vulnerability of the SharedPoolDataSource and PerUserPoolDataSource components of the Jackson-databind library in the FasterXML project is related to a lack of mechanisms for verifying input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to information...
DEBIAN-CVE-2019-16942
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...
UBUNTU-CVE-2019-16942
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...