CVE-2018-11307
- EPSS 13.01%
- Veröffentlicht 09.07.2019 16:15:12
- Zuletzt bearbeitet 21.11.2024 03:43:06
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
CVE-2018-1320
- EPSS 0.11%
- Veröffentlicht 07.01.2019 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:37
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed co...
CVE-2018-14719
- EPSS 2.65%
- Veröffentlicht 02.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:40
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14718
- EPSS 14.75%
- Veröffentlicht 02.01.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:49:39
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-1000873
- EPSS 2.55%
- Veröffentlicht 20.12.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:32
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious...