Table of Contents

Premise

In this video walkthrough, we covered a vulnerability in Jackson library that uses JSON Deserialization and used ‘Time‘ machine from Hackthebox for demo purposes.

CVE Description

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.

Source: https://nvd.nist.gov/vuln/detail/CVE-2019-12384

Get OSCP Certificate Notes

Skills Learned

JSON

Video Walkthrough

CTF Writeups, CVE, HackTheBox Walkthrough, JSON

Show Comments

The MasterMinds Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

JSON Deserialization Vulnerability – HackTheBox Time – CVE-2019-12384 Jackson RCE

CVE Description

Leave a Reply Cancel reply

The MasterMinds Notes

About the Author

Other stories

Soft and Hard Links in Linux Explained – Red Hat Linux Enterprise Training

Understanding Conditional Statements in Assembly – TryHackMe Advent of Cyber

Press ESC to close

JSON Deserialization Vulnerability – HackTheBox Time – CVE-2019-12384 Jackson RCE

CVE Description

Leave a Reply Cancel reply

The MasterMinds Notes

About the Author

Share Article:

You might also like

Chrome Extensions Can Hack You | Cyber Defenders FakeGPT Walkthrough

How to Use Nmap | TryHackMe Nmap: The Basics

TryHackMe Networking Secure Protocols Writeup

Other stories

Soft and Hard Links in Linux Explained – Red Hat Linux Enterprise Training

Understanding Conditional Statements in Assembly – TryHackMe Advent of Cyber