Описание
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 2.9.8-1 |
| cosmic | ignored | end of life |
| devel | released | 2.9.8-1 |
| disco | released | 2.9.8-1 |
| eoan | released | 2.9.8-1 |
| esm-apps/bionic | not-affected | 2.9.8-1 |
| esm-apps/focal | released | 2.9.8-1 |
| esm-apps/jammy | released | 2.9.8-1 |
| esm-apps/noble | released | 2.9.8-1 |
| esm-apps/xenial | released | 2.4.2-3ubuntu0.1~esm2 |
Показывать по
Ссылки на источники
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to h ...
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
Уязвимость функции FasterXML Java-библиотеки для грамматического разбора JSON файлов jackson-databind, позволяющая нарушителю оказать воздействие на целостность данных, получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
7.5 High
CVSS2
9.8 Critical
CVSS3