CVE-2020-1714
- EPSS 2.15%
- Veröffentlicht 13.05.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 05:11:13
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privi...
CVE-2019-14892
- EPSS 0.87%
- Veröffentlicht 02.03.2020 17:15:17
- Zuletzt bearbeitet 21.11.2024 04:27:37
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to ex...
CVE-2019-14862
- EPSS 0.23%
- Veröffentlicht 02.01.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 04:27:31
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
CVE-2019-14863
- EPSS 0.1%
- Veröffentlicht 02.01.2020 15:15:12
- Zuletzt bearbeitet 20.11.2025 18:00:14
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.