Download
| Alert*
|
oval:org.secpod.oval:def:504799
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the mal ... oval:org.secpod.oval:def:504924 The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the mal ... oval:org.secpod.oval:def:70388 libjackson-json-java: Suite of data-processing tools for Java Jackson could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:113994 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:113995 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:603177 It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization. oval:org.secpod.oval:def:113412 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:53189 It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, improperly validated user input prior to deserializing: following DSA-4004-1 for CVE-2017-7525, an additional set of classes was identified as unsafe for deserialization. oval:org.secpod.oval:def:1901541 A deserialization flaw was discovered in the libjackson2-databind-java in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw C ... oval:org.secpod.oval:def:113561 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:705903 libjackson-json-java: Suite of data-processing tools for Java Jackson could be made to crash if it opened a specially crafted file. |
