Show filters
43 Total Results
Displaying 11-20 of 43
Sort by:
Attacker Value
Unknown
CVE-2020-36187
Disclosure Date: January 06, 2021 (last updated November 28, 2024)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
0
Attacker Value
Unknown
CVE-2020-36185
Disclosure Date: January 06, 2021 (last updated November 28, 2024)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
0
Attacker Value
Unknown
CVE-2020-36189
Disclosure Date: January 06, 2021 (last updated November 28, 2024)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
0
Attacker Value
Unknown
CVE-2020-36181
Disclosure Date: January 06, 2021 (last updated July 03, 2024)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
0
Attacker Value
Unknown
CVE-2020-36188
Disclosure Date: January 06, 2021 (last updated November 28, 2024)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
0
Attacker Value
Unknown
CVE-2020-36186
Disclosure Date: January 06, 2021 (last updated November 28, 2024)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
0
Attacker Value
Unknown
CVE-2020-36184
Disclosure Date: January 06, 2021 (last updated July 03, 2024)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
0
Attacker Value
Unknown
CVE-2020-35728
Disclosure Date: December 27, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
0
Attacker Value
Unknown
CVE-2020-35491
Disclosure Date: December 17, 2020 (last updated November 28, 2024)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
0
Attacker Value
Unknown
CVE-2020-5421
Disclosure Date: September 17, 2020 (last updated November 08, 2023)
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
0
