8 matches found
jackson-databind: arbitrary code execution in slf4j-ext class
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...
jackson-databind: arbitrary code execution in slf4j-ext class
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...
jackson-databind: arbitrary code execution in slf4j-ext class
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...
jackson-databind: arbitrary code execution in slf4j-ext class
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...
jackson-databind: arbitrary code execution in slf4j-ext class
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...
FasterXML jackson-databind arbitrary code execution vulnerability (CNVD-2019-15941)
FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . Jackson-databind is one of the components with data binding capabilities . An arbitrary code execution vulnerability exists in FasterXML Jackson-databind version 2.x prior to 2.9.7. The vulnerability stems from the...
DEBIAN-CVE-2018-14718
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization...
UBUNTU-CVE-2018-8088
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series...