Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:13328
HistoryFeb 11, 2019 - 3:25 a.m.

Remote Code Execution

2019-02-1103:25:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16

EPSS

0.008

Percentile

81.3%

jackson-databind is vulnerable to remote code execution. The vulnerability exists because it does not restrict the data sources for the Jodd-db object type, leading to deserialisation of arbitrary data from external untrusted sources which would allow an attacker to execute arbitrary code.

References