CVE-2018-12023
CVE-2018-12023
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/errata/RHBA-2019:0959https://access.redhat.com/errata/RHSA-2019:0782https://access.redhat.com/errata/RHSA-2019:0877https://access.redhat.com/errata/RHSA-2019:1106https://access.redhat.com/errata/RHSA-2019:1107https://access.redhat.com/errata/RHSA-2019:1108https://access.redhat.com/errata/RHSA-2019:1140https://access.redhat.com/errata/RHSA-2019:1782https://access.redhat.com/errata/RHSA-2019:1797https://access.redhat.com/errata/RHSA-2019:1822https://access.redhat.com/errata/RHSA-2019:1823https://access.redhat.com/errata/RHSA-2019:2804