cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-14893,https://securityvulnerability.io/vulnerability/CVE-2019-14893,Polymorphic Deserialization Flaw in FasterXML Jackson Databind,"A security vulnerability exists in FasterXML's jackson-databind that allows for the polymorphic deserialization of malicious objects. This flaw can be exploited when the ObjectMapper is set up with methods such as `enableDefaultTyping()` or when using the @JsonTypeInfo annotations with `Id.CLASS` or `Id.MINIMAL_CLASS`. Attackers can leverage this weakness to instantiate arbitrary objects from unsafe sources, leading to the potential execution of malicious code in impacted applications.",Red Hat,Jackson-databind,7.5,HIGH,0.021309999749064445,false,,false,false,false,,,false,false,,2020-03-02T20:11:32.000Z,0
CVE-2019-14892,https://securityvulnerability.io/vulnerability/CVE-2019-14892,Polymorphic Deserialization Vulnerability in Jackson Databind,"A vulnerability exists in Jackson Databind versions prior to 2.9.10, 2.8.11.5, and 2.6.7.3, which allows for polymorphic deserialization of untrusted data. This flaw can be exploited using commons-configuration JNDI classes, potentially enabling an attacker to dynamically execute arbitrary code on the affected system. Proper validation of incoming data and restrictive deserialization practices are crucial for mitigating this risk.",Red Hat,Jackson-databind,7.5,HIGH,0.0033100000582635403,false,,false,false,false,,,false,false,,2020-03-02T16:28:40.000Z,0