QwikSec

Security Database

CVE

CWE

Training

CVE-2019-14439

Published: Jul 30, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204

mailing-list

x_refsource_MLIST

[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439

mailing-list

x_refsource_MLIST

[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to >= 2.9.9.3 to address security vulnerabilities

mailing-list

x_refsource_MLIST

FEDORA-2019-ae6a703b8f

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-fb23eccc03

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_DEBIAN

20191007 [SECURITY] [DSA 4542-1] jackson-databind security update

mailing-list

x_refsource_BUGTRAQ

[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities

mailing-list

x_refsource_MLIST

[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html

mailing-list

x_refsource_MLIST

[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20190814-0001/

x_refsource_CONFIRM

https://github.com/FasterXML/jackson-databind/issues/2389

x_refsource_MISC

https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.