Premise

In this video walkthrough, we covered a vulnerability in Jackson library that uses JSON Deserialization and used ‘Time‘ machine from Hackthebox for demo purposes.

CVE Description

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.

Source: https://nvd.nist.gov/vuln/detail/CVE-2019-12384

Get OSCP Certificate Notes

Skills Learned

JSON

Video Walkthrough

About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles