CVE-2019-12814 (debian_linux, jackson-databind)

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.

View Full Alert

Related Posts

  • CVE-2003-0367 (debian_linux, gzip)

    znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2019-12749 (dbus, ubuntu_linux)

    dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie…

  • CVE-2019-9673 (freenet)

    Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI.