Tag
polymorphic-typing
Safeguard articles tagged "polymorphic-typing" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
Jackson-databind polymorphic deserialization RCE (CVE-2017-15095)
A critical jackson-databind deserialization vulnerability (CVE-2017-15095) lets unauthenticated attackers achieve RCE via HikariCP gadget classes.
Dec 25, 20257 min read
Vulnerability Analysis
Jackson-databind gadget chain RCE (CVE-2019-12384)
CVE-2019-12384 lets attacker-controlled JSON trigger a jackson-databind gadget chain via Logback, turning polymorphic deserialization into remote code execution.
Dec 25, 20258 min read