CVEs-PoC/2018/CVE-2018-11307.md at 71b0cee710ed54e668d68c977dc8a01eece35241

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-27 14:32:30 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.

POC

Reference

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Anonymous-Phunter/PHunter
https://github.com/CGCL-codes/PHunter
https://github.com/OWASP/www-project-ide-vulscanner
https://github.com/ilmari666/cybsec
https://github.com/seal-community/patches
https://github.com/yahoo/cubed

1.1 KiB Raw Blame History

CVE-2018-11307

Description

POC

Reference

Github

1.1 KiB

Raw Blame History