Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-08 | CVE-2020-11630 | Deserialization of Untrusted Data vulnerability in Primekey Ejbca. An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. | 9.8 |
2020-04-07 | CVE-2020-11620 | Deserialization of Untrusted Data vulnerability in multiple products. FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). | 8.1 |
2020-04-07 | CVE-2020-11619 | Deserialization of Untrusted Data vulnerability in multiple products. FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). | 8.1 |
2020-04-01 | CVE-2019-17564 | Deserialization of Untrusted Data vulnerability in Apache Dubbo. Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. | 9.8 |
2020-04-01 | CVE-2020-11467 | Deserialization of Untrusted Data vulnerability in Deskpro. An issue was discovered in Deskpro before 2019.8.0. | 7.2 |
2020-03-31 | CVE-2019-2391 | Deserialization of Untrusted Data vulnerability in Mongodb Js-Bson. Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. | 5.4 |
2020-03-31 | CVE-2020-11113 | Deserialization of Untrusted Data vulnerability in multiple products. FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). | 8.8 |
2020-03-31 | CVE-2020-11112 | Deserialization of Untrusted Data vulnerability in multiple products. FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). | 8.8 |
2020-03-31 | CVE-2020-11111 | Deserialization of Untrusted Data vulnerability in multiple products. FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). | 8.8 |
2020-03-30 | CVE-2020-7610 | Deserialization of Untrusted Data vulnerability in Mongodb Bson. All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. | 9.8 |