QwikSec

Security Database

CVE

CWE

Training

CVE-2019-17531

Published: Oct 12, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[pulsar-commits] 20191127 [GitHub] [pulsar] massakam opened a new pull request #5758: Bump jackson libraries to 2.10.1

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update

mailing-list

x_refsource_MLIST

[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

https://github.com/FasterXML/jackson-databind/issues/2498

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20191024-0005/

x_refsource_CONFIRM

[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image

mailing-list

x_refsource_MLIST

[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

https://www.oracle.com//security-alerts/cpujul2021.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.