Jackson-databind

Jackson-databind Remote Code Execution Vulnerability Technical Analysis

August 7, 2019

  1. Vulnerability Overview

On June 21, Red Hat officially released a security bulletin to announce the fix for a vulnerability in jackson-dababind. This vulnerability with a CVSS score of 8.1 affects multiple Red Hat products and a sophisticated exploit using this vulnerability is observed in the wild. On July 22, a security researcher named Andrea Brancaleoni published an article to analyze this vulnerability. (more…)

Jackson-databind Remote Code Execution Vulnerability (CVE-2019-12384) Threat Alert

August 6, 2019

Overview

Recently, a security researcher discovered a vulnerability (CVE-2019-12384) in jackson-databind, noting that when certain conditions are met, an attacker, via a malicious request, could bypass the blacklist restriction and remotely execute code in an affected server during deserialization. (more…)