CVE-2018-14719

Published: Jan 2, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44

x_refsource_CONFIRM

https://github.com/FasterXML/jackson-databind/issues/2097

x_refsource_CONFIRM

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

x_refsource_CONFIRM

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7

x_refsource_CONFIRM

[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update

mailing-list

x_refsource_MLIST

[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1

mailing-list

x_refsource_MLIST

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

x_refsource_MISC

RHSA-2019:0782

vendor-advisory

x_refsource_REDHAT

RHSA-2019:0877

vendor-advisory

x_refsource_REDHAT

RHBA-2019:0959

vendor-advisory

x_refsource_REDHAT

DSA-4452

vendor-advisory

x_refsource_DEBIAN

20190527 [SECURITY] [DSA 4452-1] jackson-databind security update

mailing-list

x_refsource_BUGTRAQ

https://security.netapp.com/advisory/ntap-20190530-0003/

x_refsource_CONFIRM

RHSA-2019:1782

vendor-advisory

x_refsource_REDHAT

RHSA-2019:1797

vendor-advisory

x_refsource_REDHAT

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

x_refsource_MISC

RHSA-2019:1822

vendor-advisory

x_refsource_REDHAT

RHSA-2019:1823

vendor-advisory

x_refsource_REDHAT

RHSA-2019:2804

vendor-advisory

x_refsource_REDHAT

RHSA-2019:2858

vendor-advisory

x_refsource_REDHAT

RHSA-2019:3002

vendor-advisory

x_refsource_REDHAT

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

x_refsource_MISC

RHSA-2019:3140

vendor-advisory

x_refsource_REDHAT

[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities

mailing-list

x_refsource_MLIST

RHSA-2019:3149

vendor-advisory

x_refsource_REDHAT

[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

RHSA-2019:3892

vendor-advisory

x_refsource_REDHAT

RHSA-2019:4037

vendor-advisory

x_refsource_REDHAT

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-14719

Description

Affected Products

References