CVE-2020-24750
- EPSS 1.61%
- Veröffentlicht 17.09.2020 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:16:00
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CVE-2020-24616
- EPSS 2.68%
- Veröffentlicht 25.08.2020 18:15:11
- Zuletzt bearbeitet 21.11.2024 05:15:09
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CVE-2020-5413
- EPSS 2.18%
- Veröffentlicht 31.07.2020 20:15:13
- Zuletzt bearbeitet 21.11.2024 05:34:07
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" ...
CVE-2020-8203
- EPSS 3.28%
- Veröffentlicht 15.07.2020 17:15:11
- Zuletzt bearbeitet 21.11.2024 05:38:29
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2019-12399
- EPSS 1.62%
- Veröffentlicht 14.01.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 04:22:45
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring...
CVE-2019-0228
- EPSS 13.42%
- Veröffentlicht 17.04.2019 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:16:32
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.