dawetmaster

165 exploits Active since Aug 2013
CVE-2020-9546 NOMISEC CRITICAL WORKING POC
jackson-databind 2.7.0-2.7.9.6 - Deserialization of Untrusted Data via HikariConfig Gadget
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
CVSS 9.8
CVE-2020-9547 NOMISEC CRITICAL
jackson-databind 2.0.0-2.7.9.7 - Deserialization of Untrusted Data via com.ibatis.sqlmap Gadget
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
CVSS 9.8
CVE-2020-9548 NOMISEC CRITICAL WORKING POC
jackson-databind 2.0.0-2.7.9.7 - Deserialization of Untrusted Data via anteros-core Gadget
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
CVSS 9.8
CVE-2021-20190 NOMISEC HIGH WORKING POC
jackson-databind < 2.9.10.7 - Deserialization of Untrusted Data
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 8.1
CVE-2021-21363 NOMISEC MEDIUM WORKING POC
swagger-codegen < 2.4.19 - Local Privilege Escalation via Temporary Directory Race Condition
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. This vulnerability is local privilege escalation because the contents of the `outputFolder` can be appended to by an attacker. As such, code written to this directory, when executed can be attacker controlled. For more details refer to the referenced GitHub Security Advisory. This vulnerability is fixed in version 2.4.19. Note this is a distinct vulnerability from CVE-2021-21364.
CVSS 5.3
CVE-2021-21364 NOMISEC MEDIUM WORKING POC
swagger-codegen < 2.4.19 - Insecure Temporary File Permissions
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary directory is shared between all local users. When files/directories are created, the default `umask` settings for the process are respected. As a result, by default, most processes/apis will create files/directories with the permissions `-rw-r--r--` and `drwxr-xr-x` respectively, unless an API that explicitly sets safe file permissions is used. Because this vulnerability impacts generated code, the generated code will remain vulnerable until fixed manually! This vulnerability is fixed in version 2.4.19. Note this is a distinct vulnerability from CVE-2021-21363.
CVSS 5.3
CVE-2021-31684 NOMISEC HIGH WRITEUP
json-smart-v1 1.3-1.3.2 and 2.4-2.4.3 - Denial of Service via JSONParserByteArray indexOf Function
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
CVSS 7.5
CVE-2021-35515 NOMISEC HIGH STUB
Apache Commons Compress 1.6-1.19 - Denial of Service via Crafted 7Z Archive
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVSS 7.5
CVE-2021-35516 NOMISEC HIGH STUB
Apache Commons Compress 1.6-1.19 - Denial of Service via Malicious 7Z Archive
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVSS 7.5
CVE-2021-35517 NOMISEC HIGH WORKING POC
Apache Commons Compress 1.1-1.19 - Denial of Service via Malicious TAR Archive
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
CVSS 7.5
CVE-2021-36090 NOMISEC HIGH STUB
Apache Commons Compress 1.0-1.20 - Denial of Service via Malicious ZIP Archive
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
CVSS 7.5
CVE-2021-41269 NOMISEC CRITICAL WRITEUP
cron-utils < 9.1.6 - Unauthenticated Remote Code Execution via Java EL Expression Injection
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron annotation to validate untrusted Cron expressions are affected. The issue was patched and a new version was released. Please upgrade to version 9.1.6. There are no known workarounds known.
CVSS 10.0
CVE-2021-43859 NOMISEC HIGH STUB
XStream <1.4.19 - DoS
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.
CVSS 7.5
CVE-2022-23457 NOMISEC HIGH STUB
OWASP Enterprise Security API < 2.3.0.0 - Path Traversal via Validator.getValidDirectoryPath
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this.
CVSS 7.5
CVE-2022-29599 NOMISEC CRITICAL STUB
Apache Maven maven-shared-utils <3.3.3 - Command Injection
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
CVSS 9.8