ALT-PU-2019-2262-1
Package jackson-databind updated to version 2.9.8-alt1_1jpp8 for branch sisyphus in task 234491.
Closed vulnerabilities
BDU:2018-00945
A vulnerability in the ObjectMapper component of the FasterXML jackson-databind library that allows an attacker to bypass the blacklist restrictions and execute arbitrary code
BDU:2019-00296
A vulnerability in the Core (jackson-databind) component of the Primavera Unifier project management automation application that allows an attacker to execute arbitrary code or cause a denial of service
BDU:2019-01372
A vulnerability in the Jackson-databind library, caused by the slf4j-ext class not being protected from polymorphic deserialization, that allows an attacker to execute arbitrary code
BDU:2019-01755
A vulnerability in the jackson-databind library, related to insufficient validation of incoming requests, that allows an attacker to carry out an SSRF attack
BDU:2019-01756
A vulnerability in the jackson-databind library, related to improper restriction of XML external entity references, that allows an attacker to carry out an XXE attack
BDU:2019-01757
A vulnerability in the jackson-databind library, related to the deserialization of untrusted data, that allows an attacker to execute arbitrary code
BDU:2019-01765
A vulnerability in the jackson-databind library, related to the deserialization of untrusted data, that allows an attacker to affect the confidentiality, integrity and availability of protected information
BDU:2019-01766
A vulnerability in the jackson-databind library, related to the deserialization of untrusted data, that allows an attacker to affect the confidentiality, integrity and availability of protected information
BDU:2019-01771
A vulnerability in the jackson-databind library, related to flaws in the deserialization mechanism, that allows an attacker to affect the confidentiality, integrity and availability of protected information
BDU:2019-02896
A vulnerability in a function of FasterXML jackson-databind, a Java library for parsing JSON files, that allows an attacker to affect data integrity, gain access to confidential data, and cause a denial of service
BDU:2019-02897
A vulnerability in a function of FasterXML jackson-databind, a Java library for parsing JSON files, that allows an attacker to execute arbitrary code or cause a denial of service
BDU:2019-02898
A vulnerability in a function of FasterXML jackson-databind, a Java library for parsing JSON files, that allows an attacker to affect data integrity, gain access to confidential data, and cause a denial of service
Modified: 2024-11-21
CVE-2018-11307
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
- https://access.redhat.com/errata/RHSA-2019:0782
- RHSA-2019:1822
- RHSA-2019:1823
- RHSA-2019:2804
- RHSA-2019:2858
- RHSA-2019:3002
- RHSA-2019:3140
- RHSA-2019:3149
- RHSA-2019:3892
- RHSA-2019:4037
- https://github.com/FasterXML/jackson-databind/issues/2032
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
- https://nvd.nist.gov/vuln/detail/CVE-2017-7525
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Modified: 2024-11-21
CVE-2018-12022
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
- 107585
- RHBA-2019:0959
- RHSA-2019:0782
- RHSA-2019:0877
- RHSA-2019:1106
- RHSA-2019:1107
- RHSA-2019:1108
- RHSA-2019:1140
- RHSA-2019:1782
- RHSA-2019:1797
- RHSA-2019:1822
- RHSA-2019:1823
- RHSA-2019:2804
- RHSA-2019:2858
- RHSA-2019:3002
- RHSA-2019:3140
- RHSA-2019:3149
- RHSA-2019:3892
- RHSA-2019:4037
- https://bugzilla.redhat.com/show_bug.cgi?id=1671098
- https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a
- https://github.com/FasterXML/jackson-databind/issues/2052
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/
- https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
- 20190527 [SECURITY] [DSA 4452-1] jackson-databind security update
- https://security.netapp.com/advisory/ntap-20190530-0003/
- https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
- DSA-4452
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Modified: 2024-11-21
CVE-2018-12023
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
- http://www.securityfocus.com/bid/105659
- RHBA-2019:0959
- RHSA-2019:0782
- RHSA-2019:0877
- RHSA-2019:1106
- RHSA-2019:1107
- RHSA-2019:1108
- RHSA-2019:1140
- RHSA-2019:1782
- RHSA-2019:1797
- RHSA-2019:1822
- RHSA-2019:1823
- RHSA-2019:2804
- RHSA-2019:2858
- RHSA-2019:3002
- RHSA-2019:3140
- RHSA-2019:3149
- RHSA-2019:3892
- RHSA-2019:4037
- https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a
- https://github.com/FasterXML/jackson-databind/issues/2058
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/
- 20190527 [SECURITY] [DSA 4452-1] jackson-databind security update
- https://security.netapp.com/advisory/ntap-20190530-0003/
- https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
- DSA-4452
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Modified: 2024-11-21
CVE-2018-14718
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
- 106601
- RHBA-2019:0959
- RHSA-2019:0782
- RHSA-2019:0877
- RHSA-2019:1782
- RHSA-2019:1797
- RHSA-2019:1822
- RHSA-2019:1823
- RHSA-2019:2804
- RHSA-2019:2858
- RHSA-2019:3002
- RHSA-2019:3140
- RHSA-2019:3149
- RHSA-2019:3892
- RHSA-2019:4037
- https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7
- https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
- https://github.com/FasterXML/jackson-databind/issues/2097
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...
- [lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves
- [debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update
- 20190527 [SECURITY] [DSA 4452-1] jackson-databind security update
- https://security.netapp.com/advisory/ntap-20190530-0003/
- DSA-4452
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Modified: 2024-11-21
CVE-2018-14719
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
- RHBA-2019:0959
- RHSA-2019:0782
- RHSA-2019:0877
- RHSA-2019:1782
- RHSA-2019:1797
- RHSA-2019:1822
- RHSA-2019:1823
- RHSA-2019:2804
- RHSA-2019:2858
- RHSA-2019:3002
- RHSA-2019:3140
- RHSA-2019:3149
- RHSA-2019:3892
- RHSA-2019:4037
- https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7
- https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
- https://github.com/FasterXML/jackson-databind/issues/2097
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
- [debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update
- 20190527 [SECURITY] [DSA 4452-1] jackson-databind security update
- https://security.netapp.com/advisory/ntap-20190530-0003/
- DSA-4452
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Modified: 2024-11-21
CVE-2018-14720
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
- RHBA-2019:0959
- RHSA-2019:0782
- RHSA-2019:1106
- RHSA-2019:1107
- RHSA-2019:1108
- RHSA-2019:1140
- RHSA-2019:1822
- RHSA-2019:1823
- RHSA-2019:2858
- RHSA-2019:3149
- RHSA-2019:3892
- RHSA-2019:4037
- https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7
- https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
- https://github.com/FasterXML/jackson-databind/issues/2097
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...
- [lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
- [debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update
- 20190527 [SECURITY] [DSA 4452-1] jackson-databind security update
- https://security.netapp.com/advisory/ntap-20190530-0003/
- DSA-4452
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Modified: 2024-11-21
CVE-2018-14721
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
- RHBA-2019:0959
- RHSA-2019:0782
- RHSA-2019:1106
- RHSA-2019:1107
- RHSA-2019:1108
- RHSA-2019:1140
- RHSA-2019:1822
- RHSA-2019:1823
- RHSA-2019:2858
- RHSA-2019:3149
- RHSA-2019:3892
- RHSA-2019:4037
- https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7
- https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
- https://github.com/FasterXML/jackson-databind/issues/2097
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
- [debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update
- 20190527 [SECURITY] [DSA 4452-1] jackson-databind security update
- https://security.netapp.com/advisory/ntap-20190530-0003/
- DSA-4452
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Modified: 2024-11-21
CVE-2018-19360
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
- 107985
- RHBA-2019:0959
- RHSA-2019:0782
- RHSA-2019:0877
- RHSA-2019:1782
- RHSA-2019:1797
- RHSA-2019:1822
- RHSA-2019:1823
- RHSA-2019:2804
- RHSA-2019:2858
- RHSA-2019:3002
- RHSA-2019:3140
- RHSA-2019:3149
- RHSA-2019:3892
- RHSA-2019:4037
- https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8
- https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
- https://github.com/FasterXML/jackson-databind/issues/2186
- https://issues.apache.org/jira/browse/TINKERPOP-2121
- [infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html
- [pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1
- [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image
- [nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
- [debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update
- 20190527 [SECURITY] [DSA 4452-1] jackson-databind security update
- https://security.netapp.com/advisory/ntap-20190530-0003/
- DSA-4452
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Modified: 2024-11-21
CVE-2018-19361
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
- 107985
- RHBA-2019:0959
- RHSA-2019:0782
- RHSA-2019:0877
- RHSA-2019:1782
- RHSA-2019:1797
- RHSA-2019:1822
- RHSA-2019:1823
- RHSA-2019:2804
- RHSA-2019:2858
- RHSA-2019:3002
- RHSA-2019:3140
- RHSA-2019:3149
- RHSA-2019:3892
- RHSA-2019:4037
- https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8
- https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
- https://github.com/FasterXML/jackson-databind/issues/2186
- https://issues.apache.org/jira/browse/TINKERPOP-2121
- [infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html
- [pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1
- [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image
- [nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
- [debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update
- 20190527 [SECURITY] [DSA 4452-1] jackson-databind security update
- https://security.netapp.com/advisory/ntap-20190530-0003/
- DSA-4452
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Modified: 2024-11-21
CVE-2018-19362
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
- 107985
- RHBA-2019:0959
- RHSA-2019:0782
- RHSA-2019:0877
- RHSA-2019:1782
- RHSA-2019:1797
- RHSA-2019:1822
- RHSA-2019:1823
- RHSA-2019:2804
- RHSA-2019:2858
- RHSA-2019:3002
- RHSA-2019:3140
- RHSA-2019:3149
- RHSA-2019:3892
- RHSA-2019:4037
- https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8
- https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
- https://github.com/FasterXML/jackson-databind/issues/2186
- https://issues.apache.org/jira/browse/TINKERPOP-2121
- [infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
- [nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html
- [pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
- [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1
- [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image
- [nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html
- [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
- [debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update
- 20190527 [SECURITY] [DSA 4452-1] jackson-databind security update
- https://security.netapp.com/advisory/ntap-20190530-0003/
- DSA-4452
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Modified: 2024-11-21
CVE-2018-7489
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- 103203
- 1040693
- 1041890
- RHSA-2018:1447
- RHSA-2018:1448
- RHSA-2018:1449
- RHSA-2018:1450
- RHSA-2018:1451
- RHSA-2018:1786
- RHSA-2018:2088
- RHSA-2018:2089
- RHSA-2018:2090
- RHSA-2018:2938
- RHSA-2018:2939
- RHSA-2019:2858
- RHSA-2019:3149
- https://github.com/FasterXML/jackson-databind/issues/1931
- [druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves
- https://security.netapp.com/advisory/ntap-20180328-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
- DSA-4190
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html