In this video walkthrough, we covered a vulnerability in Jackson library that uses JSON Deserialization and used ‘Time‘ machine from Hackthebox for demo purposes.

CVE Description

FasterXML jackson-databind 2.x before might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.


Obtenga notas del certificado OSCP

Skills Learned


Tutorial en vídeo

Acerca del Autor

Instructor de Ciberseguridad y Nadador

Ver Artículos