Lucene search
K

3 matches found

RedHat Linux
RedHat Linux
added 2019/07/16 4:21 p.m.2 views

jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisti...

9.8CVSS7.6AI score0.49727EPSS
Exploits3References5
vulnersOsv
vulnersOsv
added 2018/10/18 5:42 p.m.2 views

ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.databand:dbnd-agent (>=0.42.1 <=0.80.6) +5546 more potentially affected by CVE-2017-15095 via com.fasterxml.jackson.core:jackson-databind (>=2.7.0 <=2.7.9.1)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.7.0, =0.3.0, =0.42.1, =0.42.1, =0.40.2, =0.42.1, =0.2, =0.8.0, =3.3.3, =0.0.1, =0.0.2, =0.0.3 - at.ac.ait.lablink.clients:sync =0.0.1 - at.ac.ait.lablink:core =0.0.1 and more Source cves: CVE-2017-15095 Source advisory:...

9.8CVSS6.8AI score0.08411EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2018/10/18 5:42 p.m.5 views

al.bluecryst:bluecrystal (>=2.3.0 <=2.3.4), al.bluecryst:bluecrystal.deps.service (>=1.5.6 <=1.16.0) +3843 more potentially affected by CVE-2017-15095 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.10)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =2.5.0-beta.0, =3.5.4-rc.0, =3.5.9, =3.5.9, =3.5.15, =3.5.15, =2.5.0-beta.0, =3.5.21 and more Source cves: CVE-2017-15095 Source advisory: OSV:GHSA-H592-38CM-4GGP...

9.8CVSS6.8AI score0.08411EPSS
Exploits2
Rows per page
Query Builder