Description

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Remediation

References

CVE-2018-14720

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2006-5353)

Liferay DXP CVE-2024-25148 Vulnerability (CVE-2024-25148)

Mailman Other Vulnerability (CVE-2003-0992)

WordPress Plugin WP Legal Pages Cross-Site Scripting (1.0.1)

WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.15.2)

Severity

Critical

Classification

CVE-2018-14720 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities