A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
Link Providers
https://access.redhat.com/errata/RHSA-2019:3200 cve-icon cve-icon
https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b cve-icon cve-icon
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2 cve-icon cve-icon
https://github.com/FasterXML/jackson-databind/issues/2389 cve-icon cve-icon
https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-14439 cve-icon
https://seclists.org/bugtraq/2019/Oct/6 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20190814-0001/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-14439 cve-icon
https://www.debian.org/security/2019/dsa-4542 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2020.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujan2020.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2020.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T00:19:41.289Z

Reserved: 2019-07-30T00:00:00

Link: CVE-2019-14439

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-07-30T11:15:11.123

Modified: 2024-11-21T04:26:44.957

Link: CVE-2019-14439

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-07-30T00:00:00Z

Links: CVE-2019-14439 - Bugzilla

cve-icon OpenCVE Enrichment

No data.