Search Results | AttackerKB

Show filters

Topics 8 Users 9,707

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

8 Total Results

Displaying 1-8 of 8

Attacker Value

Unknown

CVE-2020-36518

Disclosure Date: March 11, 2022 (last updated November 29, 2024)

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2017-7525

Disclosure Date: February 06, 2018 (last updated December 06, 2023)

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2017-7525

Disclosure Date: February 06, 2018 (last updated December 06, 2023)

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2017-7525

Disclosure Date: February 06, 2018 (last updated December 06, 2023)

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2017-7525

Disclosure Date: February 06, 2018 (last updated December 06, 2023)

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2017-7525

Disclosure Date: February 06, 2018 (last updated December 06, 2023)

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2017-7525

Disclosure Date: February 06, 2018 (last updated December 06, 2023)

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2017-7525

Disclosure Date: April 11, 2017 (last updated December 06, 2023)

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Attack Vector: Network Privileges: None User Interaction: None

0