Java serialisation - The gift that keeps on taking (Part 3)

By Steve Poole on July 02, 2022 Cybersecurity

7 minute read time

Part 3 of our issues with Java serialisation shares a deep dive into gadget chains and denial of service attacks.
Read More...

Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist

By Elisa Velarde on October 10, 2019 vulnerabilities

4 minute read time

Our October Nexus Intelligence Insight takes a second look at a popular component that's both a blessing and a curse to developers - jackson-databind.
Read More...

Nexus Intelligence Insights - CVE-2018-14721 - jackson-databind remote code execution

By Elisa Velarde on May 31, 2019 vulnerabilities

4 minute read time

We're demystifying the jackson-databind and block polymorphic deserialization (CVE-2018-14721), which is vulnerable to Remote Code Execution.
Read More...

A Struts2 Vulnerability Hurricane: Deserialization

By Derek Weeks on September 06, 2017 Struts

3 minute read time

Attackers are widely exploiting a new vulnerability in Apache Struts2 that allows them to remotely execute malicious code on web servers.
Read More...