JSON Deserialization Vulnerability

Table of Contents

Premise

In this video walkthrough, we covered a vulnerability in Jackson library that uses JSON Deserialization and used ‘Time‘ machine from Hackthebox for demo purposes.

CVE Description

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.

Source: https://nvd.nist.gov/vuln/detail/CVE-2019-12384

Get OSCP Certificate Notes

Skills Learned

JSON

Video Walkthrough

CTF Writeups, CVE, HackTheBox, JSON

Show Comments

MasterMind Study Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

JSON Deserialization Vulnerability – HackTheBox Time – CVE-2019-12384 Jackson RCE

CVE Description

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Press ESC to close

JSON Deserialization Vulnerability – HackTheBox Time – CVE-2019-12384 Jackson RCE

CVE Description

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Share Article:

You might also like

OffSec Proving Grounds: Crane Walkthrough | OSCP Prep

HackTheBox Spookypass Challenge Writeup

HackTheBox Permx Writeup