Описание
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | released | 2.9.8-1 |
| disco | released | 2.9.8-1 |
| eoan | released | 2.9.8-1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | released | 2.9.8-1 |
| esm-apps/jammy | released | 2.9.8-1 |
| esm-apps/noble | released | 2.9.8-1 |
| esm-apps/xenial | released | 2.4.2-3ubuntu0.1~esm2 |
Показывать по
Ссылки на источники
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to h ...
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
Уязвимость функции FasterXML Java-библиотеки для грамматического разбора JSON файлов jackson-databind, позволяющая нарушителю оказать воздействие на целостность данных, получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
7.5 High
CVSS2
9.8 Critical
CVSS3