Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

default typing gadget works in latest 2.10 #2394

Closed
stevenseeley opened this issue Jul 27, 2019 · 2 comments
Closed

default typing gadget works in latest 2.10 #2394

stevenseeley opened this issue Jul 27, 2019 · 2 comments
Labels
duplicate Duplicate of an existing (usually earlier) issue
Milestone
2.9.9.2

Comments

@stevenseeley
Copy link

Hey, buddy.

I found a new gadget can be used to exploit jackson which can cause RCE. I have sent the report to [email protected].
@cowtowncoder
Copy link
Member

cowtowncoder commented Jul 28, 2019
edited
Loading

Thank you. I have received the message referenced, will evaluate.

@cowtowncoder cowtowncoder added ACTIVE CVE Issues related to public CVEs (security vuln reports) labels Jul 28, 2019
@cowtowncoder
Copy link
Member

I think this is same as #2389 which was just reported few days ago, and fix included in 2.9.9.2 (and will be in 2.10.0.rc2 / 2.10.0).

@cowtowncoder cowtowncoder added duplicate Duplicate of an existing (usually earlier) issue and removed ACTIVE labels Jul 28, 2019
@cowtowncoder cowtowncoder added this to the 2.9.9.2 milestone Jul 28, 2019
@cowtowncoder cowtowncoder removed the CVE Issues related to public CVEs (security vuln reports) label Sep 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate Duplicate of an existing (usually earlier) issue
Projects
None yet
Milestone
2.9.9.2
Development

No branches or pull requests
2 participants
@cowtowncoder @stevenseeley