Lucene search
K

26 matches found

OSV
OSV
added 2020/12/17 7:15 p.m.2 views

UBUNTU-CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...

8.1CVSS7AI score0.09477EPSS
Exploits1References5
CNNVD
CNNVD
added 2020/12/17 12:0 a.m.6 views

FasterXML jackson-databind code issue vulnerability

FasterXML jackson-databind is a JAVA-based library that can convert data formats such as XML and JSON to JAVA objects. jackson-databind can easily convert Java objects to json objects and xml documents, and likewise convert json, xml to Java objects. A code issue vulnerability exists in versions...

8.1CVSS7AI score0.09477EPSS
Exploits1References21
Positive Technologies
Positive Technologies
added 2020/12/17 12:0 a.m.9 views

PT-2020-6950 · Fasterxml +3 · Jackson-Databind +3

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.8 Description: The issue is related to the interaction between serialization gadgets and typing, which can lead to the exploitation of the vulnerability. This may allow a remote attacker t...

9.8CVSS7.2AI score0.26587EPSS
Exploits27References216
BDU FSTEC
BDU FSTEC
added 2019/12/22 12:0 a.m.7 views

The vulnerability of the SharedPoolDataSource and PerUserPoolDataSource components of the Jackson-databind library in the FasterXML project allows a malicious actor to gain unauthorized access to information or cause service failures.

The vulnerability of the SharedPoolDataSource and PerUserPoolDataSource components of the Jackson-databind library in the FasterXML project is related to a lack of mechanisms for verifying input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to information...

9.8CVSS7.1AI score0.05681EPSS
Exploits0References5Affected Software4
OSV
OSV
added 2019/10/01 5:15 p.m.3 views

DEBIAN-CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...

9.8CVSS7.5AI score0.05681EPSS
Exploits0References1
OSV
OSV
added 2019/10/01 5:15 p.m.3 views

UBUNTU-CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...

9.8CVSS7AI score0.05681EPSS
Exploits0References6
Rows per page
Query Builder