Veracode Vulnerability Database
VERACODE:20298
May 21, 2019 - 2:21 a.m.

Remote Code Execution (RCE) Through Deserialization

2019-05-21 02:21:56
sca.analysiscenter.veracode.com

EPSS: 0.004
Percentile: 74.1%

jackson-databind is vulnerable to remote code execution (RCE) attacks. This is due to a polymorphic typing issue when Default Typing is enabled. An attacker can craft malicious JSON to invoke the com.mysql.cj.jdbc.admin.MiniAdmin class, allowing the attacker to host a MySQL server or read arbitrary local files on the server.
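
The weak setting described above beside a corrected one, as an added example that is not Veracode's or the jackson-databind project's own code. It assumes jackson-databind 2.10 or later (where activateDefaultTyping and PolymorphicTypeValidator exist); the Envelope class, the com.example.dto. prefix and the sample JSON are constructed for illustration.

```java
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;
import java.io.IOException;

public class DefaultTypingHardening {

    // Hypothetical DTO: Default Typing attaches a class name to Object-typed fields.
    public static class Envelope {
        public Object payload;
    }

    // Weak setting: the class named in the JSON is chosen entirely by the sender.
    @SuppressWarnings("deprecation")
    static ObjectMapper weakMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(); // deprecated since 2.10
        return mapper;
    }

    // Corrected setting: type ids resolve only under an allow-listed package prefix.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType("com.example.dto.") // assumption: the application's DTO package
                .build();
        ObjectMapper mapper = new ObjectMapper();
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.OBJECT_AND_NON_CONCRETE);
        return mapper;
    }

    // Returns true when the mapper refuses the type id carried in the JSON.
    static boolean rejects(ObjectMapper mapper, String json) throws IOException {
        try {
            mapper.readValue(json, Envelope.class);
            return false;
        } catch (JsonMappingException e) {
            return true; // InvalidTypeIdException is a JsonMappingException
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed, benign input: a JDK class outside the allow-list, in wrapper-array form.
        String json = "{\"payload\":[\"java.util.Date\",0]}";
        System.out.println("weak mapper rejects:     " + rejects(weakMapper(), json));
        System.out.println("hardened mapper rejects: " + rejects(hardenedMapper(), json));
    }
}
```

The allow-list limits which classes a type id may name; not enabling Default Typing at all removes the sender-chosen class name from the input entirely.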
