2 matches found
Authorization Bypass
jenkins is vulnerable to authorization bypass. The vulnerability allows users permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator...
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the mysql gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS...