Lucene search
K

17 matches found

RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.6 views

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.02959EPSS
Exploits0References4
OSV
OSV
added 2022/12/26 8:15 p.m.2 views

DEBIAN-CVE-2020-10650

A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and...

8.1CVSS8.2AI score0.03301EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2022/07/15 7:41 p.m.46 views

jackson-databind vulnerable to unsafe deserialization

The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class ignite-jta...

8.1CVSS7.8AI score0.03301EPSS
Exploits1References11Affected Software1
OSV
OSV
added 2022/07/15 7:41 p.m.3 views

GHSA-RPR3-CW39-3PXH jackson-databind vulnerable to unsafe deserialization

The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class ignite-jta...

8.1CVSS6.9AI score0.03301EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2020/10/27 12:58 p.m.4 views

jackson-databind: Serialization gadgets in shaded-hikari-config

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.1AI score0.04613EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/10/27 12:58 p.m.7 views

jackson-databind: Serialization gadgets in javax.swing.JEditorPane

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality...

8.8CVSS7.1AI score0.03473EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/09/07 12:58 p.m.2 views

jackson-databind: Serialization gadgets in shaded-hikari-config

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.1AI score0.04613EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/17 1:28 p.m.3 views

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.07963EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/17 1:25 p.m.2 views

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.07963EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 6:21 a.m.5 views

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.07963EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 6:21 a.m.4 views

jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.03489EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/07/29 6:6 a.m.3 views

jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.02959EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/02 1:21 p.m.5 views

jackson-databind: Serialization gadgets in shaded-hikari-config

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS7.1AI score0.04613EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/28 3:58 p.m.10 views

jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.03489EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/04/21 12:35 p.m.3 views

jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

8.8CVSS7.1AI score0.03489EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2020/04/09 7:34 a.m.29 views

CVE-2020-11112

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...

8.8CVSS3.6AI score0.03583EPSS
Exploits0References4
CNVD
CNVD
added 2020/03/04 12:0 a.m.1 views

Unspecified vulnerability in FasterXML jackson-databind

FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . jackson-databind is one of the components with data binding capabilities . A security vulnerability exists in FasterXML jackson-databind version 2.x prior to 2.9.10.4. No details of the vulnerability are provided at th...

9.8CVSS9AI score0.04613EPSS
Exploits0References1
Rows per page
Query Builder