A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Geode
APPApache1.12.0Fasterxml Jackson Databind
APPFasterxml2.7.0 – 2.8.11.5 (bez)2.9.0 – 2.9.10 (bez)2.0.0 – 2.6.7.3 (bez)Red Hat Decision Manager
APPRedhat7.0Red Hat Jboss Data Grid
APPRedhat7.0.0Red Hat Jboss Enterprise Application Platform
APPRedhat7.0Red Hat Jboss Fuse
APPRedhat7.0.0Red Hat OpenShift Container Platform
APPRedhat4.3Red Hat Process Automation
APPRedhat7.0
Powiązane podatności
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache To...
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. A...
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/...
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main...
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.13...