|Max CVSS||7.5||Min CVSS||5.0||Total Count||3|
|ID||CVSS||Summary||Last (major) update||Published|
A deserialization flaw was discovered in the jackson-databind, versions before 18.104.22.168, 22.214.171.124 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj
|06-02-2018 - 10:29||06-02-2018 - 10:29|
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request
|06-06-2017 - 10:29||06-06-2017 - 10:29|
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
|24-04-2017 - 20:32||17-04-2017 - 17:59|