SUSE CVE-2018-14718

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization...

ch.qos.logback:logback-examples (>=1.3.0-alpha0 <=1.3.0-alpha4) potentially affected by CVE-2018-8088 via org.slf4j:slf4j-ext (>=1.8.0-beta0 <=1.8.0-beta1)

org.slf4j:slf4j-ext MAVEN version =1.8.0-beta0, =1.3.0-alpha0, =1.3.0-alpha4 Source cves: CVE-2018-8088 Source advisory: OSV:GHSA-W77P-8CFG-2X43...

jackson-databind: arbitrary code execution in slf4j-ext class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...

jackson-databind: arbitrary code execution in slf4j-ext class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...

jackson-databind: arbitrary code execution in slf4j-ext class

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...

The vulnerability of the Jackson-databind library arises from the lack of class protection for slf4j-ext, which allows attackers to execute arbitrary code.

The vulnerability of the Jackson-databind library arises from the lack of protection for the slf4j-ext class against polymorphic deserialization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Access Restriction Bypass

slf4j-ext is vulnerable to remote code execution RCE through access restriction bypass. Attackers can use data passed to the EventData class in order to bypass intended access restrictions, causing a deserialization vulnerability...

GHSA-645P-88QH-W398 Arbitrary Code Execution in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7, 2.8.11.3, 2.7.9.5, and 2.6.7.3 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization...

Deserialization of untrusted data

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization...

CVE-2018-14718

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization...

UBUNTU-CVE-2018-14718

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization...

CVE-2018-14718

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization...

Access Restriction Bypass

slf4j-ext is vulnerable to remote code execution RCE through access restriction bypass. Attackers can use data passed to the EventData class in order to bypass intended access restrictions, causing a deserialization vulnerability...