Download
| Alert*
oval:org.secpod.oval:def:505067
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending malicio ... oval:org.secpod.oval:def:504924 The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the mal ... oval:org.secpod.oval:def:113994 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:113995 General data-binding functionality for Jackson: works on core streaming API. oval:org.secpod.oval:def:603273 It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. oval:org.secpod.oval:def:53254 It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. oval:org.secpod.oval:def:1901058 FasterXML libjackson2-databind-java through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, ... oval:org.secpod.oval:def:50606 FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing ... |