CVE-2017-7525
- EPSS 79.65%
- Veröffentlicht 06.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:32:04
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj...
CVE-2018-5968
- EPSS 2.31%
- Veröffentlicht 22.01.2018 04:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:46
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets ...
CVE-2017-17485
- EPSS 79.79%
- Veröffentlicht 10.01.2018 18:29:01
- Zuletzt bearbeitet 27.08.2025 21:15:33
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to t...
CVE-2015-8103
- EPSS 90.82%
- Veröffentlicht 25.11.2015 20:59:19
- Zuletzt bearbeitet 12.04.2025 10:46:40
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the ...