cve/CVE-2018-1000873.md at ba3442246e7a77bf0390b3141c9cc692f0e8edea

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 17:22:02 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

POC

Reference

https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Github

https://github.com/PalindromeLabs/Java-Deserialization-CVEs
https://github.com/ilmari666/cybsec

1.0 KiB Raw Blame History

CVE-2018-1000873

Description

POC

Reference

Github

1.0 KiB

Raw Blame History