Skip to content

CVE-2018-11307 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.6.7.1 #111

New issue
New issue
Open
Open
CVE-2018-11307 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.6.7.1#111
Labels
CheckmarxCxSCAbranch:main
@scott-cx

Description

@scott-cx
scott-cx
opened on Aug 1, 2022

Vulnerable Package issue exists @ Maven-com.fasterxml.jackson.core:jackson-databind-2.6.7.1 in branch main

A vulnerability was found in FasterXML jackson-databind before versions 2.6.7.3, 2.7.9.4, 2.8.11.2, 2.9.6. A new potential gadget type from MyBatis has been reported, and may allow content exfiltration (remote access by sending contents over ftp) when untrusted content is deserialized with default typing enabled.

Namespace: scott-cx
Repository: edgemere
Repository Url: https://github.com/scott-cx/edgemere
CxAST-Project: scott-cx/edgemere
CxAST platform scan: 45abb8d9-377e-427c-92f9-26a15742bad7
Branch: main
Application: edgemere
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-502

Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: HIGH
Availability impact: HIGH
Remediation Upgrade Recommendation: 2.6.7.5

References
Issue
Commit
Advisory
Release Note
Release Note
Release Note

Metadata

Metadata

Assignees

No one assigned

    Labels

    CheckmarxCxSCAbranch:main

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions