Page 4 of 32 results (0.002 seconds)

CVSS: 9.8EPSS: 6%CPEs: 31EXPL: 1

CVE-2020-9547 – jackson-databind: Serialization gadgets in ibatis-sqlmap

https://notcve.org/view.php?id=CVE-2020-9547

02 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (también se conoce como ibatis-sqlmap). A flaw was found in jackson-databind ... • https://github.com/fairyming/CVE-2020-9547 • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 13%CPEs: 46EXPL: 1

CVE-2020-9548 – jackson-databind: Serialization gadgets in anteros-core

https://notcve.org/view.php?id=CVE-2020-9548

02 Mar 2020 — FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a br.com.anteros.dbcp.AnterosDBCPConfig (también se conoce como anteros-core). A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the... • https://github.com/fairyming/CVE-2020-9548 • CWE-502: Deserialization of Untrusted Data •