CVE-2020-35728
- EPSS 39.67%
- Veröffentlicht 27.12.2020 05:15:11
- Zuletzt bearbeitet 27.08.2025 21:15:36
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.js...
CVE-2020-35491
- EPSS 8.06%
- Veröffentlicht 17.12.2020 19:15:14
- Zuletzt bearbeitet 21.11.2024 05:27:24
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CVE-2019-10219
- EPSS 1.67%
- Veröffentlicht 08.11.2019 15:15:11
- Zuletzt bearbeitet 07.07.2025 14:15:21
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVE-2017-7525
- EPSS 77.34%
- Veröffentlicht 06.02.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:32:04
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj...