QwikSec

Security Database

CVE

CWE

Training

CVE-2019-16943

Published: Oct 1, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

20191007 [SECURITY] [DSA 4542-1] jackson-databind security update

mailing-list

x_refsource_BUGTRAQ

FEDORA-2019-b171554877

vendor-advisory

x_refsource_FEDORA

[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities

mailing-list

x_refsource_MLIST

[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

mailing-list

x_refsource_MLIST

FEDORA-2019-cf87377f5f

vendor-advisory

x_refsource_FEDORA

[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379

mailing-list

x_refsource_MLIST

[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)

mailing-list

x_refsource_MLIST

[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

https://github.com/FasterXML/jackson-databind/issues/2478

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20191017-0006/

x_refsource_CONFIRM

[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image

mailing-list

x_refsource_MLIST

[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

https://www.oracle.com//security-alerts/cpujul2021.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.