CVE-2019-14379

Published: Jul 29, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update

mailing-list

x_refsource_MLIST

[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)

mailing-list

x_refsource_MLIST

[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)

mailing-list

x_refsource_MLIST

[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204

mailing-list

x_refsource_MLIST

[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

RHSA-2019:2743

vendor-advisory

x_refsource_REDHAT

FEDORA-2019-99ff6aa32c

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-ae6a703b8f

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-fb23eccc03

vendor-advisory

x_refsource_FEDORA

[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues

mailing-list

x_refsource_MLIST

RHSA-2019:2858

vendor-advisory

x_refsource_REDHAT

RHSA-2019:2937

vendor-advisory

x_refsource_REDHAT

RHSA-2019:2935

vendor-advisory

x_refsource_REDHAT

RHSA-2019:2936

vendor-advisory

x_refsource_REDHAT

RHSA-2019:2938

vendor-advisory

x_refsource_REDHAT

RHSA-2019:2998

vendor-advisory

x_refsource_REDHAT

[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379

mailing-list

x_refsource_MLIST

[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379

mailing-list

x_refsource_MLIST

[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379

mailing-list

x_refsource_MLIST

[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379

mailing-list

x_refsource_MLIST

[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379

mailing-list

x_refsource_MLIST

[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379

mailing-list

x_refsource_MLIST

[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379

mailing-list

x_refsource_MLIST

RHBA-2019:2824

vendor-advisory

x_refsource_REDHAT

RHSA-2019:3044

vendor-advisory

x_refsource_REDHAT

RHSA-2019:3045

vendor-advisory

x_refsource_REDHAT

RHSA-2019:3050

vendor-advisory

x_refsource_REDHAT

RHSA-2019:3046

vendor-advisory

x_refsource_REDHAT

[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities

mailing-list

x_refsource_MLIST

RHSA-2019:3149

vendor-advisory

x_refsource_REDHAT

[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

RHSA-2019:3200

vendor-advisory

x_refsource_REDHAT

[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379

mailing-list

x_refsource_MLIST

RHSA-2019:3292

vendor-advisory

x_refsource_REDHAT

RHSA-2019:3297

vendor-advisory

x_refsource_REDHAT

RHSA-2019:3901

vendor-advisory

x_refsource_REDHAT

RHSA-2020:0727

vendor-advisory

x_refsource_REDHAT

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

https://github.com/FasterXML/jackson-databind/issues/2387

x_refsource_MISC

https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20190814-0001/

x_refsource_CONFIRM

[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image

mailing-list

x_refsource_MLIST

[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuApr2021.html

x_refsource_MISC

https://support.apple.com/kb/HT213189

x_refsource_CONFIRM

20220314 APPLE-SA-2022-03-14-7 Xcode 13.3

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-14379

Description

Affected Products

References