Vulnerabilities
Vulnerable Software
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
CVSS Score
7.5
EPSS Score
0.056
Published
2020-03-02
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
CVSS Score
6.1
EPSS Score
0.021
Published
2020-01-02
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
CVSS Score
7.1
EPSS Score
0.014
Published
2020-01-02


Contact Us

Shodan ® - All rights reserved