CVE-2020-10673
- EPSS 7.96%
- Veröffentlicht 18.03.2020 22:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:49
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
CVE-2020-9281
- EPSS 4.33%
- Veröffentlicht 07.03.2020 01:15:15
- Zuletzt bearbeitet 21.11.2024 05:40:20
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
CVE-2020-9547
- EPSS 18.67%
- Veröffentlicht 02.03.2020 04:15:11
- Zuletzt bearbeitet 21.11.2024 05:40:50
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
CVE-2020-9548
- EPSS 18.35%
- Veröffentlicht 02.03.2020 04:15:11
- Zuletzt bearbeitet 21.11.2024 05:40:50
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
CVE-2020-9546
- EPSS 4.61%
- Veröffentlicht 02.03.2020 04:15:10
- Zuletzt bearbeitet 29.04.2026 20:24:13
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
CVE-2019-20330
- EPSS 8.64%
- Veröffentlicht 03.01.2020 04:15:12
- Zuletzt bearbeitet 21.11.2024 04:38:16
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVE-2019-17195
- EPSS 11.03%
- Veröffentlicht 15.10.2019 14:15:12
- Zuletzt bearbeitet 21.11.2024 04:31:50
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
CVE-2019-17531
- EPSS 5.33%
- Veröffentlicht 12.10.2019 21:15:08
- Zuletzt bearbeitet 21.11.2024 04:32:27
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext...
CVE-2019-16942
- EPSS 5.68%
- Veröffentlicht 01.10.2019 17:15:10
- Zuletzt bearbeitet 21.11.2024 04:31:23
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1....
CVE-2019-16943
- EPSS 4.86%
- Veröffentlicht 01.10.2019 17:15:10
- Zuletzt bearbeitet 21.11.2024 04:31:23
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja...