Findings for High #55
In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
References:
BeanDeserializer._deserializeFromArray() to prevent use of deeply nested arrays [CVE-2022-42004] FasterXML/jackson-databind#3582
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
References:
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
References:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
References:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
References:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
References:
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.
Affected packages
Only the org.apache.logging.log4j:log4j-core package is directly affected by this vulnerability. The org.apache.logging.log4j:log4j-api package should be kept at the same version as the org.apache.logging.log4j:log4j-core package to ensure compatibility if in use.
References:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
References:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
References:
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References:
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
References:
jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.
References:
UntypedObjectDeserializer wrt recursion [CVE-2020-36518] FasterXML/jackson-databind#2816
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
References:
In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.
References:
UNWRAP_SINGLE_VALUE_ARRAYS [CVE-2022-42003] FasterXML/jackson-databind#3590
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
References:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
References:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
References:
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
References:
DOMDeserializer: setExpandEntityReferences(false) may not prevent external entity expansion in all cases [CVE-2020-25649] FasterXML/jackson-databind#2589
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
References:
The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class ignite-jta.
References:
FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
References:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
References:
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect the codehaus jackson-mapper-asl libraries, but in different classes.
References:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
References:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
References:
This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
References:
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
References:
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
References: