CVE-2020-24750
- EPSS 2.11%
- Published 17.09.2020 19:15:13
- Last modified 21.11.2024 05:16:00
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CVE-2020-24616
- EPSS 3.78%
- Published 25.08.2020 18:15:11
- Last modified 21.11.2024 05:15:09
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CVE-2020-5413
- EPSS 2.18%
- Published 31.07.2020 20:15:13
- Last modified 21.11.2024 05:34:07
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" ...
CVE-2020-8203
- EPSS 2.44%
- Published 15.07.2020 17:15:11
- Last modified 21.11.2024 05:38:29
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2019-12399
- EPSS 3.16%
- Published 14.01.2020 15:15:12
- Last modified 21.11.2024 04:22:45
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring...
CVE-2019-0228
- EPSS 7.84%
- Published 17.04.2019 15:29:00
- Last modified 21.11.2024 04:16:32
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.