A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
Link Providers
https://access.redhat.com/errata/RHSA-2019:2858 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2935 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2936 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2937 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2938 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3044 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3045 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3046 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3050 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3149 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3200 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3292 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3297 cve-icon cve-icon
https://github.com/FasterXML/jackson-databind/issues/2341 cve-icon cve-icon
https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-12814 cve-icon
https://security.netapp.com/advisory/ntap-20190625-0006/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-12814 cve-icon
https://www.oracle.com/security-alerts/cpujan2020.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2020.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2020.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html cve-icon cve-icon
History

Wed, 27 Aug 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-08-27T20:30:34.890Z

Reserved: 2019-06-13T00:00:00.000Z

Link: CVE-2019-12814

cve-icon Vulnrichment

Updated: 2024-08-04T23:32:55.182Z

cve-icon NVD

Status : Modified

Published: 2019-06-19T14:15:10.897

Modified: 2025-08-27T21:15:34.630

Link: CVE-2019-12814

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-06-04T00:00:00Z

Links: CVE-2019-12814 - Bugzilla

cve-icon OpenCVE Enrichment

No data.