Lucene search
+L

12 matches found

spring
spring
added 2023/01/24 9:0 a.m.21 views

This Week in Spring - SpringOne Essentials 2023 edition - January 24th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! Today is a very day for you see, today we kick off SpringOne Essentials, the online incarnation of SpringOne, online. Well see you live, on stream, in just a few hours!. SpringOne Essentials is going to be amazing, but before...

2.4AI score
Exploits0
veracode
veracode
added 2019/01/15 9:20 a.m.50 views

Remote Code Execution (RCE)

Jackson-databind is vulnerable to remote code execution RCE attacks. Attackers can exploit an incomplete fix of CVE-2017-7525 to bypass the blacklist when Spring libraries are available on the class path. In order to be vulnerable to this attack, either the use of @JsonTypeInfouse =...

9.8CVSS9.5AI score0.49727EPSS
Exploits7References25Affected Software101
osv
osv
added 2018/10/18 5:42 p.m.12 views

GHSA-RFX6-VP9G-RH7V jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS7.5AI score0.49727EPSS
Exploits1References34
github
github
added 2018/10/18 5:42 p.m.167 views

jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS4AI score0.49727EPSS
Exploits1References34Affected Software1
veracode
veracode
added 2018/01/11 2:20 a.m.52 views

Remote Code Execution (RCE)

Jackson-databind is vulnerable to remote code execution RCE attacks. Attackers can exploit an incomplete fix of CVE-2017-7525 to bypass the blacklist when Spring libraries are available on the class path. In order to be vulnerable to this attack, either the use of @JsonTypeInfouse =...

9.8CVSS9.5AI score0.49727EPSS
Exploits7References25Affected Software3
nvd
nvd
added 2018/01/10 6:29 p.m.35 views

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS9.5AI score0.49727EPSS
Exploits1References24
osv
osv
added 2018/01/10 6:29 p.m.34 views

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS10AI score
Exploits0References24
ubuntucve
ubuntucve
added 2018/01/10 6:29 p.m.57 views

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS7.5AI score0.49727EPSS
Exploits1References2
prion
prion
added 2018/01/10 6:29 p.m.35 views

Design/Logic Flaw

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

7.5CVSS9.4AI score0.49727EPSS
Exploits7References24Affected Software5
debiancve
debiancve
added 2018/01/10 6:0 p.m.69 views

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.8CVSS9AI score0.49727EPSS
Exploits1
cvelist
cvelist
added 2018/01/10 6:0 p.m.50 views

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...

9.6AI score0.49727EPSS
Exploits1References24
cve
cve
added 2018/01/10 6:0 p.m.303 views

CVE-2017-17485

CVE-2017-17485 affects FasterXML jackson-databind: a deserialization flaw that enables unauthenticated remote code execution via readValue when the blacklist is bypassed if Spring libraries are on the classpath. The initial description specifies impact for jackson-databind up to 2.8.10 and 2.9.x ...

9.8CVSS9.5AI score0.49727EPSS
Exploits1References24Affected Software1
Rows per page
Query Builder