5 matches found
CVE-2017-15095
Summary of CVE-2017-15095 and related sightings : The material consistently reports a deserialization flaw in jackson-databind, affecting versions prior to 2.8.10 and 2.9.1. An unauthenticated user could trigger code execution via ObjectMapper.readValue with malicious input. The issue is describe...
CVE-2018-1000873
CVE-2018-1000873 : A CWE-20 DoS vulnerability in Fasterxml Jackson, specifically in jackson-modules-java8 prior to 2.9.8, allows an attacker to trigger denial of service by deserializing malicious input (notably very large values in the nanoseconds field of a time value). The issue is fixed in 2....
CVE-2018-11307
CVE-2018-11307 concerns a deserialization issue in FasterXML Jackson-databind from 2.0.0 to 2.9.5 that enables content exfiltration when using Jackson default typing with an iBatis gadget class. Affected: jackson-databind components in these versions. Impact: potential exposure of serialized cont...
CVE-2018-14719
CVE-2018-14719 involves FasterXML Jackson Databind 2.x up to but before 2.9.7. The root cause is failure to block polymorphic deserialization of certain gadgets (blaze-ds-opt/blaze-ds-core), enabling remote code execution if the gadget classes can be reached. The IBM bulletin references Jackson D...
CVE-2019-2860
The CVE-2019-2860 issue affects Oracle Clusterware via the Trace File Analyzer (TFA) Collector in Oracle Support Tools, with affected version 12.1.0.2.0. The vulnerability allows an unauthenticated, network-accessible attacker (no user interaction) to perform unauthorized updates, inserts or dele...