FasterXML jackson databind 漏洞列表
共找到 4 个与 FasterXML jackson databind 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2020-9547: FasterXML jackson-databind - Deserialization Remote Code Execution POC
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). This vulnerability allows attackers to execute arbitrary code through deserialization of untrusted data when polymorphic type handling (@JsonTypeInfo with use=JsonTypeInfo.Id.CLASS) is enabled. -
CVE-2020-9548: FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution POC
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). -
CVE-2020-9547: FasterXML jackson-databind - Deserialization Remote Code Execution POC
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). This vulnerability allows attackers to execute arbitrary code through deserialization of untrusted data when polymorphic type handling (@JsonTypeInfo with use=JsonTypeInfo.Id.CLASS) is enabled. -
CVE-2020-9548: FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution POC
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).