Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Moderate

CVE-2022-22963

Disclosure Date: April 01, 2022 (last updated October 07, 2023)
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
5
1
Attacker Value
Unknown

CVE-2020-24750

Disclosure Date: September 17, 2020 (last updated November 28, 2024)
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-24616

Disclosure Date: August 25, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-8203

Disclosure Date: July 15, 2020 (last updated January 21, 2024)
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0