CVE-2018-12022
- EPSS 2.93%
- Published 21.03.2019 16:00:12
- Last modified 21.11.2024 03:44:25
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in ...
CVE-2018-12023
- EPSS 4.9%
- Published 21.03.2019 16:00:12
- Last modified 21.11.2024 03:44:26
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provid...
CVE-2018-19360
- EPSS 6.78%
- Published 02.01.2019 18:29:00
- Last modified 21.11.2024 03:57:48
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CVE-2018-19361
- EPSS 4.06%
- Published 02.01.2019 18:29:00
- Last modified 21.11.2024 03:57:48
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
CVE-2018-19362
- EPSS 6.78%
- Published 02.01.2019 18:29:00
- Last modified 21.11.2024 03:57:48
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.