{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-20T21:14:57.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"}, {"name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"}, {"name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"}, {"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"}, {"name": "FEDORA-2019-99ff6aa32c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"}, {"name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"}, {"name": "FEDORA-2019-ae6a703b8f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"}, {"name": "FEDORA-2019-fb23eccc03", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"}, {"name": "RHSA-2019:2858", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2858"}, {"name": "RHSA-2019:2937", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2937"}, {"name": "RHSA-2019:2935", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2935"}, {"name": "RHSA-2019:2936", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2936"}, {"name": "RHSA-2019:2938", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2938"}, {"name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"}, {"name": "RHSA-2019:3044", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3044"}, {"name": "RHSA-2019:3045", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3045"}, {"name": "RHSA-2019:3050", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3050"}, {"name": "RHSA-2019:3046", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3046"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"name": "RHSA-2019:3149", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3149"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"name": "RHSA-2019:3200", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3200"}, {"name": "RHSA-2019:3292", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3292"}, {"name": "RHSA-2019:3297", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3297"}, {"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"}, {"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FasterXML/jackson-databind/issues/2341"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190625-0006/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12814", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"}, {"name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E"}, {"name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E"}, {"name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"}, {"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E"}, {"name": "FEDORA-2019-99ff6aa32c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"}, {"name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E"}, {"name": "FEDORA-2019-ae6a703b8f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"}, {"name": "FEDORA-2019-fb23eccc03", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"}, {"name": "RHSA-2019:2858", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2858"}, {"name": "RHSA-2019:2937", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2937"}, {"name": "RHSA-2019:2935", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2935"}, {"name": "RHSA-2019:2936", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2936"}, {"name": "RHSA-2019:2938", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2938"}, {"name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E"}, {"name": "RHSA-2019:3044", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3044"}, {"name": "RHSA-2019:3045", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3045"}, {"name": "RHSA-2019:3050", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3050"}, {"name": "RHSA-2019:3046", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3046"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"}, {"name": "RHSA-2019:3149", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3149"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"}, {"name": "RHSA-2019:3200", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3200"}, {"name": "RHSA-2019:3292", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3292"}, {"name": "RHSA-2019:3297", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3297"}, {"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"}, {"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "https://github.com/FasterXML/jackson-databind/issues/2341", "refsource": "CONFIRM", "url": "https://github.com/FasterXML/jackson-databind/issues/2341"}, {"name": "https://security.netapp.com/advisory/ntap-20190625-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190625-0006/"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:32:55.182Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"}, {"name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E"}, {"name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"}, {"name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"}, {"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"}, {"name": "FEDORA-2019-99ff6aa32c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"}, {"name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"}, {"name": "FEDORA-2019-ae6a703b8f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"}, {"name": "FEDORA-2019-fb23eccc03", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"}, {"name": "RHSA-2019:2858", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2858"}, {"name": "RHSA-2019:2937", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2937"}, {"name": "RHSA-2019:2935", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2935"}, {"name": "RHSA-2019:2936", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2936"}, {"name": "RHSA-2019:2938", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2938"}, {"name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"}, {"name": "RHSA-2019:3044", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3044"}, {"name": "RHSA-2019:3045", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3045"}, {"name": "RHSA-2019:3050", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3050"}, {"name": "RHSA-2019:3046", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3046"}, {"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"name": "RHSA-2019:3149", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3149"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"name": "RHSA-2019:3200", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3200"}, {"name": "RHSA-2019:3292", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3292"}, {"name": "RHSA-2019:3297", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3297"}, {"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"}, {"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/FasterXML/jackson-databind/issues/2341"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190625-0006/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-08-27T20:29:53.410352Z", "id": "CVE-2019-12814", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-27T20:30:34.890Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12814", "datePublished": "2019-06-19T13:24:44.000Z", "dateReserved": "2019-06-13T00:00:00.000Z", "dateUpdated": "2025-08-27T20:30:34.890Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html", "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E", "name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E", "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/", "name": "FEDORA-2019-99ff6aa32c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/", "name": "FEDORA-2019-ae6a703b8f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/", "name": "FEDORA-2019-fb23eccc03", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2858", "name": "RHSA-2019:2858", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2937", "name": "RHSA-2019:2937", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2935", "name": "RHSA-2019:2935", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2936", "name": "RHSA-2019:2936", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2938", "name": "RHSA-2019:2938", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E", "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3044", "name": "RHSA-2019:3044", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3045", "name": "RHSA-2019:3045", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3050", "name": "RHSA-2019:3050", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3046", "name": "RHSA-2019:3046", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3149", "name": "RHSA-2019:3149", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3200", "name": "RHSA-2019:3200", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3292", "name": "RHSA-2019:3292", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3297", "name": "RHSA-2019:3297", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/FasterXML/jackson-databind/issues/2341", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20190625-0006/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:32:55.182Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2019-12814", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-27T20:29:53.410352Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-27T20:30:04.843Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html", "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E", "name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E", "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/", "name": "FEDORA-2019-99ff6aa32c", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/", "name": "FEDORA-2019-ae6a703b8f", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/", "name": "FEDORA-2019-fb23eccc03", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2858", "name": "RHSA-2019:2858", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2937", "name": "RHSA-2019:2937", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2935", "name": "RHSA-2019:2935", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2936", "name": "RHSA-2019:2936", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:2938", "name": "RHSA-2019:2938", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E", "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3044", "name": "RHSA-2019:3044", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3045", "name": "RHSA-2019:3045", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3050", "name": "RHSA-2019:3050", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3046", "name": "RHSA-2019:3046", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3149", "name": "RHSA-2019:3149", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3200", "name": "RHSA-2019:3200", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3292", "name": "RHSA-2019:3292", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3297", "name": "RHSA-2019:3297", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["x_refsource_MISC"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["x_refsource_MISC"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["x_refsource_MISC"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/FasterXML/jackson-databind/issues/2341", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://security.netapp.com/advisory/ntap-20190625-0006/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2020-10-20T21:14:57.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html", "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E", "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E", "name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E", "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439", "refsource": "MLIST"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/", "name": "FEDORA-2019-99ff6aa32c", "refsource": "FEDORA"}, {"url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities", "refsource": "MLIST"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/", "name": "FEDORA-2019-ae6a703b8f", "refsource": "FEDORA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/", "name": "FEDORA-2019-fb23eccc03", "refsource": "FEDORA"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2858", "name": "RHSA-2019:2858", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2937", "name": "RHSA-2019:2937", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2935", "name": "RHSA-2019:2935", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2936", "name": "RHSA-2019:2936", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2938", "name": "RHSA-2019:2938", "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E", "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix", "refsource": "MLIST"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3044", "name": "RHSA-2019:3044", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3045", "name": "RHSA-2019:3045", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3050", "name": "RHSA-2019:3050", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3046", "name": "RHSA-2019:3046", "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource": "MLIST"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3149", "name": "RHSA-2019:3149", "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3200", "name": "RHSA-2019:3200", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3292", "name": "RHSA-2019:3292", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3297", "name": "RHSA-2019:3297", "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "refsource": "MLIST"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC"}, {"url": "https://github.com/FasterXML/jackson-databind/issues/2341", "name": "https://github.com/FasterXML/jackson-databind/issues/2341", "refsource": "CONFIRM"}, {"url": "https://security.netapp.com/advisory/ntap-20190625-0006/", "name": "https://security.netapp.com/advisory/ntap-20190625-0006/", "refsource": "CONFIRM"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-12814", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2019-12814", "state": "PUBLISHED", "dateUpdated": "2025-08-27T20:30:34.890Z", "dateReserved": "2019-06-13T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2019-06-19T13:24:44.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "matchCriteriaId": "7036DA13-110D-40B3-8494-E361BBF4AFCD", "versionEndExcluding": "2.6.7.3", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "matchCriteriaId": "89660FC3-9198-414C-B89D-C61A4438BA3B", "versionEndExcluding": "2.7.9.6", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DB8A2D4-0FDE-4216-896B-52824106B97B", "versionEndExcluding": "2.8.11.4", "versionStartIncluding": "2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "matchCriteriaId": "04641592-DAF4-47BB-A9DE-FC4C84A20401", "versionEndExcluding": "2.9.9.2", "versionStartIncluding": "2.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de tipificaci\u00f3n polim\u00f3rfica en FasterXML jackson-databind 2.x hasta la 2.9.9. Cuando la escritura predeterminada est\u00e1 habilitada (ya sea globalmente o para una propiedad espec\u00edfica) para un dispositivo remoto JSON expuesto externamente y el servicio cuenta con el JDOM 1.x or 2.x jar en el classpath, un atacante puede enviar un mensaje JSON espec\u00edficamente dise\u00f1ado que les permite leer archivos locales arbitrarios en el servidor."}], "id": "CVE-2019-12814", "lastModified": "2025-08-27T21:15:34.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2019-06-19T14:15:10.897", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2858"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2935"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2936"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2937"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2938"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3044"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3045"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3046"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3050"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3149"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3200"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3292"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3297"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/FasterXML/jackson-databind/issues/2341"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190625-0006/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2858"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2935"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2938"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3044"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3045"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3046"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3200"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/FasterXML/jackson-databind/issues/2341"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190625-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2019:3200", "cpe": "cpe:/a:redhat:amq_streams:1", "product_name": "Red Hat AMQ Streams 1", "release_date": "2019-10-24T00:00:00Z"}, {"advisory": "RHSA-2019:3292", "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7.5", "package": "jackson-databind", "product_name": "Red Hat Decision Manager 7", "release_date": "2019-10-31T00:00:00Z"}, {"advisory": "RHBA-2019:3416", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pki-core:10.6-8010020190912123424.8ba0ffbe", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHBA-2019:3416", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pki-deps:10.6-8010020190731203900.cdc1202b", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2019:2804", "cpe": "cpe:/a:redhat:jboss_amq:6.3", "product_name": "Red Hat Fuse 6.3", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2020:0983", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "jackson-databind", "product_name": "Red Hat Fuse 7.6.0", "release_date": "2020-03-26T00:00:00Z"}, {"advisory": "RHSA-2019:2938", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2", "package": "jackson-databind", "product_name": "Red Hat JBoss EAP 7.2", "release_date": "2019-09-30T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-activemq-artemis-0:2.9.0-1.redhat_00005.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-codehaus-jackson-0:1.9.13-9.redhat_00006.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-glassfish-jsf-0:2.3.5-4.SP3_redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-hal-console-0:3.0.16-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-hibernate-0:5.3.11-2.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-infinispan-0:9.3.7-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-ironjacamar-0:1.4.17-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-annotations-0:2.9.9-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-core-0:2.9.9-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-databind-0:2.9.9.3-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-jaxrs-providers-0:2.9.9-2.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-modules-base-0:2.9.9-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-modules-java8-0:2.9.9-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-ejb-client-0:4.0.23-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-jaxrs-api_2.1_spec-0:1.0.3-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-logging-0:3.3.3-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-logmanager-0:2.1.14-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-marshalling-0:2.0.9-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-msc-0:1.4.8-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-remoting-0:5.0.14-1.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-server-migration-0:1.3.1-4.Final_redhat_00004.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-xnio-base-0:3.7.3-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jgroups-0:4.0.20-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-narayana-0:5.9.6-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-netty-0:4.1.34-2.Final_redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-picketbox-0:5.0.3-5.Final_redhat_00004.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00007.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00007.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-undertow-0:2.0.25-1.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-weld-core-0:3.0.6-2.Final_redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-0:7.2.4-1.GA_redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-elytron-0:1.6.4-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-elytron-tool-0:1.4.3-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2935", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-transaction-client-0:1.1.6-2.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-activemq-artemis-0:2.9.0-1.redhat_00005.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-codehaus-jackson-0:1.9.13-9.redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-glassfish-jsf-0:2.3.5-4.SP3_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-hal-console-0:3.0.16-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-hibernate-0:5.3.11-2.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-infinispan-0:9.3.7-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-ironjacamar-0:1.4.17-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-annotations-0:2.9.9-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-core-0:2.9.9-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-databind-0:2.9.9.3-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-jaxrs-providers-0:2.9.9-2.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-modules-base-0:2.9.9-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-modules-java8-0:2.9.9-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-ejb-client-0:4.0.23-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-jaxrs-api_2.1_spec-0:1.0.3-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-logging-0:3.3.3-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-logmanager-0:2.1.14-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-marshalling-0:2.0.9-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-msc-0:1.4.8-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-remoting-0:5.0.14-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-server-migration-0:1.3.1-4.Final_redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-xnio-base-0:3.7.3-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jgroups-0:4.0.20-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-narayana-0:5.9.6-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-netty-0:4.1.34-2.Final_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-picketbox-0:5.0.3-5.Final_redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00007.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00007.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-undertow-0:2.0.25-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-weld-core-0:3.0.6-2.Final_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-0:7.2.4-1.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-elytron-0:1.6.4-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-elytron-tool-0:1.4.3-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2936", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-transaction-client-0:1.1.6-2.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-activemq-artemis-0:2.9.0-1.redhat_00005.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-codehaus-jackson-0:1.9.13-9.redhat_00006.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-glassfish-jsf-0:2.3.5-4.SP3_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-hal-console-0:3.0.16-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-hibernate-0:5.3.11-2.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-infinispan-0:9.3.7-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-ironjacamar-0:1.4.17-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-annotations-0:2.9.9-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-core-0:2.9.9-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-databind-0:2.9.9.3-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-jaxrs-providers-0:2.9.9-2.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-modules-base-0:2.9.9-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-modules-java8-0:2.9.9-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-ejb-client-0:4.0.23-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-jaxrs-api_2.1_spec-0:1.0.3-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-logging-0:3.3.3-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-logmanager-0:2.1.14-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-marshalling-0:2.0.9-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-msc-0:1.4.8-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-remoting-0:5.0.14-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-server-migration-0:1.3.1-4.Final_redhat_00004.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-xnio-base-0:3.7.3-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jgroups-0:4.0.20-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-narayana-0:5.9.6-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-netty-0:4.1.34-2.Final_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-picketbox-0:5.0.3-5.Final_redhat_00004.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00007.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00007.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-undertow-0:2.0.25-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-weld-core-0:3.0.6-2.Final_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-0:7.2.4-1.GA_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-elytron-0:1.6.4-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-elytron-tool-0:1.4.3-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:2937", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-transaction-client-0:1.1.6-2.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2019-10-01T00:00:00Z"}, {"advisory": "RHSA-2019:3149", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-logging-elasticsearch5:v3.11.153-2", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-10-18T00:00:00Z"}, {"advisory": "RHSA-2019:2858", "cpe": "cpe:/a:redhat:openshift:4.1::el7", "package": "openshift4/ose-logging-elasticsearch5:v4.1.18-201909201915", "product_name": "Red Hat OpenShift Container Platform 4.1", "release_date": "2019-09-27T00:00:00Z"}, {"advisory": "RHSA-2019:3297", "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.5", "package": "jackson-databind", "product_name": "Red Hat Process Automation 7", "release_date": "2019-10-31T00:00:00Z"}, {"advisory": "RHSA-2019:3050", "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.3", "package": "jackson-databind", "product_name": "Red Hat Single Sign-On 7.3.4 zip", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2019:3044", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el6", "package": "rh-sso7-keycloak-0:4.8.13-1.Final_redhat_00001.1.el6sso", "product_name": "Red Hat Single Sign-On 7.3 for RHEL 6", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2019:3045", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el7", "package": "rh-sso7-keycloak-0:4.8.13-1.Final_redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.3 for RHEL 7", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2019:3045", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el7", "package": "rh-sso7-libunix-dbus-java-0:0.8.0-2.el7sso", "product_name": "Red Hat Single Sign-On 7.3 for RHEL 7", "release_date": "2019-10-14T00:00:00Z"}, {"advisory": "RHSA-2019:3046", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7::el8", "package": "rh-sso7-keycloak-0:4.8.13-1.Final_redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.3 for RHEL 8", "release_date": "2019-10-14T00:00:00Z"}], "bugzilla": {"description": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.", "id": "1725795", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725795"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-502->CWE-200", "details": ["A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.", "A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files."], "mitigation": {"lang": "en:us", "value": "This vulnerability relies on jdom (org.jdom) or jdom2 (org.jdom2) being present in the application's ClassPath. Applications using jackson-databind that do not also use jdom or jdom2 are not impacted by this vulnerability."}, "name": "CVE-2019-12814", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform", "fix_state": "Will not fix", "package_name": "jackson-databind", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/a:redhat:jboss_amq:6", "fix_state": "Affected", "package_name": "jackson-databind", "product_name": "Red Hat JBoss A-MQ 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Affected", "package_name": "jackson-databind", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Not affected", "package_name": "jackson-databind", "product_name": "Red Hat Mobile Application Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "jackson-databind", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Affected", "package_name": "elasticsearch-cloud-kubernetes", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Affected", "package_name": "openshift-elasticsearch-plugin", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Out of support scope", "package_name": "elasticsearch-cloud-kubernetes", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Out of support scope", "package_name": "openshift-elasticsearch-plugin", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Out of support scope", "package_name": "elasticsearch-cloud-kubernetes", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Out of support scope", "package_name": "openshift-elasticsearch-plugin", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Affected", "package_name": "elasticsearch-cloud-kubernetes", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Affected", "package_name": "openshift-elasticsearch-plugin", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:14", "fix_state": "Not affected", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 14 (Rocky)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Not affected", "package_name": "opendaylight", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "jackson-databind", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-maven35-jackson-databind", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Affected", "package_name": "jackson-databind", "product_name": "streams for Apache Kafka"}], "public_date": "2019-06-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-12814\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12814"], "statement": "* Red Hat Satellite 6 does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability. \n* Red Hat OpenStack's OpenDaylight does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability.", "threat_severity": "Moderate"}

{}