Description

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Remediation

References

CVE-2018-14720

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.8.4)

Jboss EAP Improper Authentication Vulnerability (CVE-2020-14299)

MySQL CVE-2013-3795 Vulnerability (CVE-2013-3795)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Cross-Site Scripting (3.0.15)

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-20417)

Severity

Critical

Classification

CVE-2018-14720 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities