14 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-36179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
Linux Distros Unpatched Vulnerability : CVE-2020-36189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
SUSE CVE-2019-16335
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540...
SUSE CVE-2019-17267
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...
PT-2021-3160
Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.x before 2.9.10.8 FasterXML jackson-databind versions 2.6.7.5 and earlier Description The issue is related to the interaction between serialization gadgets and typing, specifically with...
PT-2021-3161
Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.x before 2.9.10.8 FasterXML jackson-databind versions 2.6.7.5 and earlier Description The issue is related to the interaction between serialization gadgets and typing, specifically with the...
jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
jackson-databind: Serialization gadgets in shaded-hikari-config
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2019-12814
A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files. Mitigation This vulnerability relies on jdom...
jackson-databind: default typing mishandling leading to remote code execution
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.
A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files...
PT-2019-3866 · Fasterxml +3 · Jackson-Databind +3
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x through 2.9.9 Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled for an externally exposed JSON endpoint and the service has JDOM 1.x or...