An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.13009.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fasterxml
  • Jackson-databind
Oracle
  • Clusterware
  • Communications Instant Messaging Server
  • Global Lifecycle Management Opatch
  • Retail Customer Management And Segmentation Foundation
  • Utilities Advanced Spatial And Operational Analytics
Redhat
  • Enterprise Linux
  • Jboss Bpms
  • Jboss Data Grid
  • Jboss Data Virtualization
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Brms Platform
  • Jboss Fuse
  • Jboss Single Sign On
  • Openshift
  • Openshift Application Runtimes
  • Openshift Container Platform
  • Rhel Software Collections

Configuration 1 [-]

OR cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:oracle:clusterware:12.1.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Data Grid
jackson-databind cpe:/a:redhat:jboss_data_grid:7.3 RHSA-2019:4037 2019-12-02T00:00:00Z
Red Hat Fuse 6.3
jackson-databind cpe:/a:redhat:jboss_fuse:6.3 RHSA-2019:2804 2019-09-17T00:00:00Z
Red Hat Fuse 7.5.0
jackson-databind cpe:/a:redhat:jboss_fuse:7 RHSA-2019:3892 2019-11-14T00:00:00Z
Red Hat Fuse Intergration Services 2.0 based on Fuse 6.3 R13
jackson-databind cpe:/a:redhat:jboss_fuse:6.3 RHSA-2019:3002 2019-10-10T00:00:00Z
Red Hat JBoss BPMS 7.4
jackson-databind cpe:/a:redhat:jboss_bpms:7.4 RHSA-2019:1823 2019-07-22T00:00:00Z
Red Hat JBoss BRMS 7.4
jackson-databind cpe:/a:redhat:jboss_enterprise_brms_platform:7.4 RHSA-2019:1822 2019-07-22T00:00:00Z
Red Hat JBoss Data Virtualization 6.4.8
jackson-databind cpe:/a:redhat:jboss_data_virtualization:6.4 RHSA-2019:3140 2019-10-17T00:00:00Z
Red Hat JBoss EAP 7.2
jackson-databind cpe:/a:redhat:jboss_enterprise_application_platform:7.2 RHSA-2019:1106 2019-05-08T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6
eap7-activemq-artemis-0:2.6.3-5.redhat_00020.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-apache-commons-lang-0:3.8.0-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-apache-cxf-0:3.2.7-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-apache-cxf-xjc-utils-0:3.2.3-2.redhat_00002.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-artemis-native-0:2.6.3-15.redhat_00020.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-byte-buddy-0:1.9.5-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-dom4j-0:2.1.1-2.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-elytron-web-0:1.2.4-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-hibernate-0:5.3.9-2.Final_redhat_00002.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-httpcomponents-asyncclient-0:4.1.4-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-infinispan-0:9.3.6-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-ironjacamar-0:1.4.15-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jackson-annotations-0:2.9.8-2.redhat_00004.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jackson-core-0:2.9.8-2.redhat_00004.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jackson-databind-0:2.9.8-2.redhat_00004.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.8-2.redhat_00004.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jackson-modules-base-0:2.9.8-1.redhat_00004.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jackson-modules-java8-0:2.9.8-1.redhat_00004.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jberet-0:1.3.2-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jboss-ejb-client-0:4.0.15-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jboss-el-api_3.0_spec-0:1.0.13-2.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jboss-genericjms-0:2.0.1-2.Final_redhat_00002.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jboss-logmanager-0:2.1.7-3.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jboss-remoting-jmx-0:3.0.1-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jboss-security-negotiation-0:3.0.5-2.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-jboss-server-migration-0:1.3.0-7.Final_redhat_00004.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-narayana-0:5.9.1-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-16.SP12_redhat_4.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-picketlink-federation-0:2.5.5-16.SP12_redhat_4.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-resteasy-0:3.6.1-4.SP3_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-sun-istack-commons-0:3.0.7-2.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-undertow-0:2.0.19-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-undertow-jastow-0:2.0.7-2.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-wildfly-0:7.2.1-6.GA_redhat_00004.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-wildfly-elytron-0:1.6.2-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-wildfly-elytron-tool-0:1.4.1-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-wildfly-http-client-0:1.0.13-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.3-1.Final_redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
eap7-yasson-0:1.0.2-1.redhat_00001.1.el6eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6 RHSA-2019:1107 2019-05-08T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7
eap7-activemq-artemis-0:2.6.3-5.redhat_00020.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-apache-commons-lang-0:3.8.0-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-apache-cxf-0:3.2.7-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-apache-cxf-xjc-utils-0:3.2.3-2.redhat_00002.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-artemis-native-0:2.6.3-15.redhat_00020.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-byte-buddy-0:1.9.5-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-dom4j-0:2.1.1-2.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-elytron-web-0:1.2.4-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-hibernate-0:5.3.9-2.Final_redhat_00002.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-httpcomponents-asyncclient-0:4.1.4-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-infinispan-0:9.3.6-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-ironjacamar-0:1.4.15-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jackson-annotations-0:2.9.8-2.redhat_00004.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jackson-core-0:2.9.8-2.redhat_00004.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jackson-databind-0:2.9.8-2.redhat_00004.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jackson-jaxrs-providers-0:2.9.8-2.redhat_00004.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jackson-modules-base-0:2.9.8-1.redhat_00004.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jackson-modules-java8-0:2.9.8-1.redhat_00004.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jberet-0:1.3.2-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jboss-ejb-client-0:4.0.15-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jboss-el-api_3.0_spec-0:1.0.13-2.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jboss-genericjms-0:2.0.1-2.Final_redhat_00002.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jboss-logmanager-0:2.1.7-3.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jboss-remoting-jmx-0:3.0.1-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jboss-security-negotiation-0:3.0.5-2.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-jboss-server-migration-0:1.3.0-7.Final_redhat_00004.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-narayana-0:5.9.1-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-picketlink-bindings-0:2.5.5-16.SP12_redhat_4.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-picketlink-federation-0:2.5.5-16.SP12_redhat_4.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-resteasy-0:3.6.1-4.SP3_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-sun-istack-commons-0:3.0.7-2.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-undertow-0:2.0.19-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-undertow-jastow-0:2.0.7-2.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-wildfly-0:7.2.1-6.GA_redhat_00004.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-wildfly-elytron-0:1.6.2-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-wildfly-elytron-tool-0:1.4.1-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-wildfly-http-client-0:1.0.13-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-wildfly-transaction-client-0:1.1.3-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
eap7-yasson-0:1.0.2-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7 RHSA-2019:1108 2019-05-08T00:00:00Z
Red Hat OpenShift Container Platform 3.11
openshift3/ose-logging-elasticsearch5:v3.11.153-2 cpe:/a:redhat:openshift:3.11::el7 RHSA-2019:3149 2019-10-18T00:00:00Z
Red Hat OpenShift Container Platform 4.1
openshift4/ose-logging-elasticsearch5:v4.1.18-201909201915 cpe:/a:redhat:openshift:4.1::el7 RHSA-2019:2858 2019-09-27T00:00:00Z
Red Hat Single Sign-On 7.3.1 zip
jackson-databind cpe:/a:redhat:jboss_single_sign_on:7.3 RHSA-2019:1140 2019-05-09T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-maven35-jackson-databind-0:2.7.6-2.5.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2019:0782 2019-04-17T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
rh-maven35-jackson-databind-0:2.7.6-2.5.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2019:0782 2019-04-17T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
rh-maven35-jackson-databind-0:2.7.6-2.5.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2019:0782 2019-04-17T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
rh-maven35-jackson-databind-0:2.7.6-2.5.el7 cpe:/a:redhat:rhel_software_collections:3::el7 RHSA-2019:0782 2019-04-17T00:00:00Z
Text-Only RHOAR
cpe:/a:redhat:openshift_application_runtimes:1.0 RHSA-2019:0877 2019-04-24T00:00:00Z

No data.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-1703-1 jackson-databind security update
Debian DSA Debian DSA DSA-4452-1 jackson-databind security update
Github GHSA Github GHSA GHSA-qr7j-h6gg-jmgc Deserialization of Untrusted Data in jackson-databind
Ubuntu USN Ubuntu USN USN-4813-1 Jackson Databind vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://access.redhat.com/errata/RHSA-2019:0782 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1822 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1823 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2804 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2858 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3002 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3140 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3149 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3892 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:4037 cve-icon cve-icon
https://github.com/FasterXML/jackson-databind/issues/2032 cve-icon cve-icon
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d%40%3Cissues.lucene.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E cve-icon cve-icon
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2017-7525 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2018-11307 cve-icon
https://www.cve.org/CVERecord?id=CVE-2018-11307 cve-icon
https://www.oracle.com/security-alerts/cpuapr2020.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujan2020.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2020.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T08:01:52.866Z

Reserved: 2018-05-18T00:00:00

Link: CVE-2018-11307

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-07-09T16:15:12.807

Modified: 2024-11-21T03:43:06.380

Link: CVE-2018-11307

cve-icon Redhat

Severity : Important

Publid Date: 2018-05-10T00:00:00Z

Links: CVE-2018-11307 - Bugzilla

cve-icon OpenCVE Enrichment

No data.