QwikSec

Security Database

CVE

CWE

Training

CVE-2019-12384

Published: Jun 24, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204

mailing-list

x_refsource_MLIST

[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

FEDORA-2019-99ff6aa32c

vendor-advisory

x_refsource_FEDORA

[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities

mailing-list

x_refsource_MLIST

FEDORA-2019-ae6a703b8f

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-fb23eccc03

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

20191007 [SECURITY] [DSA 4542-1] jackson-databind security update

mailing-list

x_refsource_BUGTRAQ

[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

https://doyensec.com/research.html

x_refsource_MISC

https://github.com/FasterXML/jackson-databind/compare/74b90a4...a977aad

x_refsource_MISC

https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20190703-0002/

x_refsource_CONFIRM

https://blog.doyensec.com/2019/07/22/jackson-gadgets.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.