Tag
cve-2019-12384
Safeguard articles tagged "cve-2019-12384" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Vulnerability Analysis
Jackson-databind Polymorphic Deserialization Gadget (CVE-2019-12384) Explained
CVE-2019-12384 chained a logback gadget with H2's RUNSCRIPT to turn default typing into code execution. Here's the mechanism, the classpath caveat, and how to fix it for good.
Jul 3, 20265 min read
Vulnerability Analysis
Jackson-databind gadget chain RCE (CVE-2019-12384)
CVE-2019-12384 lets attacker-controlled JSON trigger a jackson-databind gadget chain via Logback, turning polymorphic deserialization into remote code execution.
Dec 25, 20258 min read
Vulnerability Analysis
CVE-2019-12384: Polymorphic deserialization gadget in Jac...
CVE-2019-12384 is a Jackson-databind polymorphic deserialization gadget flaw via Ehcache's transaction manager class, patched in 2.9.9.1.
Sep 30, 20257 min read