12 matches found

GitHub Security Blog
added 2022/05/24 4:57 p.m. | 67 views

Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS 9.8 | AI score 3.1 | EPSS 0.49727
Exploits: 3 | References: 19 | Affected Software: 1

OSV
added 2022/05/24 4:57 p.m. | 6 views

GHSA-C27H-MCMW-48HV Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS 9.8 | AI score 7.2 | EPSS 0.05175
Exploits: 0 | References: 18

RedHat Linux
added 2020/12/16 12:11 p.m. | 4 views

codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS 9.8 | AI score 7.2 | EPSS 0.49727
Exploits: 10 | References: 4

Debian
added 2020/12/15 12:12 p.m. | 30 views

[SECURITY] [DSA 4811-1] libxstream-java security update

Debian Security Advisory DSA-4811-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 15, 2020 https://www.debian.org/security/faq -...

CVSS 9.3 | AI score 8.5 | EPSS 0.85001
Exploits: 7

RedhatCVE
added 2019/10/12 2:27 a.m. | 99 views

CVE-2019-10202

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS 9.8 | AI score 2.7 | EPSS 0.49727
Exploits: 10 | References: 3

NVD
added 2019/10/01 3:15 p.m. | 39 views

CVE-2019-10202

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS 9.8 | AI score 8.9 | EPSS 0.05175
Exploits: 0 | References: 9

OSV
added 2019/10/01 3:15 p.m. | 3 views

CVE-2019-10202

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS 9.8 | AI score 6.8 | EPSS 0.05175
Exploits: 0 | References: 9

Prion
added 2019/10/01 3:15 p.m. | 43 views

Deserialization of untrusted data

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS 7.5 | AI score 8.8 | EPSS 0.49727
Exploits: 10 | References: 9 | Affected Software: 1

Cvelist
added 2019/10/01 2:22 p.m. | 33 views

CVE-2019-10202

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist...

CVSS 8.1 | AI score 9.1 | EPSS 0.05175
Exploits: 0 | References: 9

CVE
added 2019/10/01 2:22 p.m. | 495 views

CVE-2019-10202

Connected sources describe Jackson Databind deserialization flaws linked to CVEs around 2017–2019, notably CVE-2017-7525, CVE-2017-15095, CVE-2018-7489, CVE-2019-10172. The issues enable unauthenticated deserialization that can lead to remote code execution via ObjectMapper.readValue in affected ...

CVSS 9.8 | AI score 8.9 | EPSS 0.05175
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
added 2017/12/01 7:13 a.m. | 11 views

Cross-Site Scripting (XSS)

sentry is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the usage of a blacklist approach instead of a whitelist approach. It is possible for an adversary to create links which can cause JavaScript code to be executed...

AI score 6.2
Exploits: 0

0day.today
added 2015/02/18 12:0 a.m. | 46 views

jQuery jui_filter_rules PHP Code Execution Vulnerability

The jQuery juifilterrules parsing library suffers from an arbitrary PHP remote code execution vulnerability. PHP Code Execution in juifilterrules Parsing Library. Researcher: Timo Schmid. Description: juifilterrules1 is a jQuery plug...

AI score 8.1
Exploits: 0