exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2017-15095

около 8 лет назад

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

CVSS3: 9.8

EPSS: Низкий

CVE-2017-15095

больше 8 лет назад

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

CVSS3: 8.1

EPSS: Низкий

CVE-2017-15095

около 8 лет назад

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

CVSS3: 9.8

EPSS: Низкий

CVE-2017-15095

около 8 лет назад

A deserialization flaw was discovered in the jackson-databind in versi ...

CVSS3: 9.8

EPSS: Низкий

GHSA-h592-38cm-4ggp

больше 7 лет назад

jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2017-15095 A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.	CVSS3: 9.8	9% Низкий	около 8 лет назад
CVE-2017-15095 A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.	CVSS3: 8.1	9% Низкий	больше 8 лет назад
CVE-2017-15095 A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.	CVSS3: 9.8	9% Низкий	около 8 лет назад
CVE-2017-15095 A deserialization flaw was discovered in the jackson-databind in versi ...	CVSS3: 9.8	9% Низкий	около 8 лет назад
GHSA-h592-38cm-4ggp jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution	CVSS3: 9.8	9% Низкий	больше 7 лет назад

Уязвимостей на страницу