A deserialization flaw exists in jackson-databind up to and including 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fasterxml jackson-databind |
||
oracle retail merchandising system 15.0 |
||
oracle retail sales audit 14.1 |