Show filters
205 Total Results
Displaying 181-190 of 205
Sort by:
Attacker Value
Unknown
CVE-2018-7489
Disclosure Date: February 26, 2018 (last updated November 08, 2023)
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
0
Attacker Value
Unknown
CVE-2017-7525
Disclosure Date: February 06, 2018 (last updated December 06, 2023)
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
0
Attacker Value
Unknown
CVE-2017-7525
Disclosure Date: February 06, 2018 (last updated December 06, 2023)
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
0
Attacker Value
Unknown
CVE-2017-7525
Disclosure Date: February 06, 2018 (last updated December 06, 2023)
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
0
Attacker Value
Unknown
CVE-2017-7525
Disclosure Date: February 06, 2018 (last updated December 06, 2023)
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
0
Attacker Value
Unknown
CVE-2017-7525
Disclosure Date: February 06, 2018 (last updated December 06, 2023)
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
0
Attacker Value
Unknown
CVE-2017-7525
Disclosure Date: February 06, 2018 (last updated December 06, 2023)
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
0
Attacker Value
Unknown
CVE-2017-15095
Disclosure Date: February 06, 2018 (last updated November 08, 2023)
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
0
Attacker Value
Unknown
CVE-2017-7525
Disclosure Date: April 11, 2017 (last updated December 06, 2023)
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
0
Attacker Value
Unknown
CVE-2016-3081
Disclosure Date: April 26, 2016 (last updated November 25, 2024)
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
0