Veracode Vulnerability Database: VERACODE:8102
History: Jan 03, 2019 - 1:18 a.m.

Deserialisation Of Untrusted Data

2019-01-03 01:18:22
sca.analysiscenter.veracode.com

EPSS: 0.005 (percentile: 76.7%)

jackson-databind can deserialize untrusted data. The vulnerability exists because the SubtypeValidator blacklist did not deny the axis2-transport-jms class from polymorphic deserialization, which allows issues such as remote code execution (RCE).
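A blacklist only rejects classes someone has already listed, so any class it misses is accepted. The following added example (not code from Veracode or the jackson-databind project) shows the allowlist alternative, assuming jackson-databind 2.10 or later, where the `PolymorphicTypeValidator` API is available. The classes `Order` and `Unexpected` are constructed for illustration.

```java
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class AllowlistTypingDemo {
    // Constructed application type that payloads are expected to carry.
    public static class Order { public String id; }

    // Constructed stand-in for any class the application never expects
    // to see named in a payload.
    public static class Unexpected { public String value; }

    public static void main(String[] args) throws Exception {
        // Allowlist: only subtypes assignable to Order may be instantiated
        // from a type id found in the input. Everything else is denied,
        // including classes nobody has thought to block yet.
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(Order.class)
                .build();

        ObjectMapper mapper = new ObjectMapper();
        // Polymorphic typing is enabled, but every type id is checked
        // against the validator before the class is resolved.
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);

        // Constructed input naming the allowed type (wrapper-array form).
        String allowed = "[\"" + Order.class.getName() + "\",{\"id\":\"A-1\"}]";
        Object parsed = mapper.readValue(allowed, Object.class);
        System.out.println("accepted: " + parsed.getClass().getName());

        // Constructed input naming a type that is not on the allowlist.
        String denied = "[\"" + Unexpected.class.getName() + "\",{\"value\":\"x\"}]";
        try {
            mapper.readValue(denied, Object.class);
            System.out.println("unexpected type was accepted");
        } catch (JsonMappingException e) {
            // The validator refuses the type id before any instance is built.
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```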
