Show filters
37 Total Results
Displaying 1-10 of 37
Sort by:
Attacker Value
Unknown
CVE-2020-36518
Disclosure Date: March 11, 2022 (last updated November 29, 2024)
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
0
Attacker Value
Unknown
CVE-2022-23437
Disclosure Date: January 24, 2022 (last updated November 28, 2024)
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
0
Attacker Value
Unknown
CVE-2020-11620
Disclosure Date: April 07, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
0
Attacker Value
Unknown
CVE-2020-11619
Disclosure Date: April 07, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
0
Attacker Value
Unknown
CVE-2020-11112
Disclosure Date: March 31, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
0
Attacker Value
Unknown
CVE-2020-11111
Disclosure Date: March 31, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
0
Attacker Value
Unknown
CVE-2020-11113
Disclosure Date: March 31, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
0
Attacker Value
Unknown
CVE-2020-10969
Disclosure Date: March 26, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
0
Attacker Value
Unknown
CVE-2020-10968
Disclosure Date: March 26, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
0
Attacker Value
Unknown
CVE-2020-10672
Disclosure Date: March 18, 2020 (last updated November 08, 2023)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
0
