CVE-2018-14720

Published: Jan 2, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44

x_refsource_CONFIRM

https://github.com/FasterXML/jackson-databind/issues/2097

x_refsource_CONFIRM

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

x_refsource_CONFIRM

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7

x_refsource_CONFIRM

[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update

mailing-list

x_refsource_MLIST

[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...

mailing-list

x_refsource_MLIST

[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...

mailing-list

x_refsource_MLIST

[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1

mailing-list

x_refsource_MLIST

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

x_refsource_MISC

mailing-list

x_refsource_MLIST

RHSA-2019:0782

vendor-advisory

x_refsource_REDHAT

RHBA-2019:0959

vendor-advisory

x_refsource_REDHAT

RHSA-2019:1107

vendor-advisory

x_refsource_REDHAT

RHSA-2019:1108

vendor-advisory

x_refsource_REDHAT

RHSA-2019:1106

vendor-advisory

x_refsource_REDHAT

RHSA-2019:1140

vendor-advisory

x_refsource_REDHAT

DSA-4452

vendor-advisory

x_refsource_DEBIAN

20190527 [SECURITY] [DSA 4452-1] jackson-databind security update

mailing-list

x_refsource_BUGTRAQ

https://security.netapp.com/advisory/ntap-20190530-0003/

x_refsource_CONFIRM

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

x_refsource_MISC

RHSA-2019:1822

vendor-advisory

x_refsource_REDHAT

RHSA-2019:1823

vendor-advisory

x_refsource_REDHAT

RHSA-2019:2858

vendor-advisory

x_refsource_REDHAT

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

x_refsource_MISC

[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities

mailing-list

x_refsource_MLIST

RHSA-2019:3149

vendor-advisory

x_refsource_REDHAT

[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

RHSA-2019:3892

vendor-advisory

x_refsource_REDHAT

RHSA-2019:4037

vendor-advisory

x_refsource_REDHAT

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-14720

Description

Affected Products

References