Showing 1 - 3 of 3

CVE-2019-14439

Status Candidate

Overview

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.

Related Files

Red Hat Security Advisory 2020-0983-01: Posted Mar 27, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-0983-01 - This release of Red Hat Fuse 7.6.0 serves as a replacement for Red Hat Fuse 7.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and information leakage vulnerabilities.; tags | advisory, denial of service, vulnerability, code execution, xss; systems | linux, redhat; advisories | CVE-2015-9251, CVE-2017-16012, CVE-2017-5929, CVE-2018-11771, CVE-2018-15756, CVE-2019-10174, CVE-2019-10184, CVE-2019-11272, CVE-2019-12384, CVE-2019-12422, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, CVE-2019-17570, CVE-2019-3802, CVE-2019-3888, CVE-2019-5427, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518; SHA-256 | c2b2bece438c10e903155ade04dc8eb70bbee2e9169a4e812ce54e8f4eebf85a; Download | Favorite | View

Red Hat Security Advisory 2019-3200-01: Posted Oct 24, 2019; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2019-3200-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.3.0 serves as a replacement for Red Hat AMQ Streams 1.2.0, and includes security and bug fixes, and enhancements. Polymorphic typing issues have been addressed.; tags | advisory; systems | linux, redhat; advisories | CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-17267; SHA-256 | 9df116295ee75d50fcd25230e47f23551158b01b6c2c8789a3ead5e3e518884f; Download | Favorite | View

Debian Security Advisory 4542-1: Posted Oct 7, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4542-1 - It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary files on the server.; tags | advisory, java, arbitrary, code execution; systems | linux, debian; advisories | CVE-2019-12384, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943; SHA-256 | 3b0c7bdc4a347077c77854e783302a4d041ee2eb869b09d42d5f6680628b4bf5; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 197 files
Ubuntu 71 files
Debian 24 files
Ahmet Umit Bayram 6 files
Gentoo 5 files
Amit Roy 4 files
Furkan Eren Tetik 4 files
ron190 3 files
Jann Horn 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,089)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,072)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,505)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,147)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (16,149)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,606)
UNIX (9,422)
UnixWare (187)
Windows (6,665)
Other

CVE-2019-14439

Overview

Related Files

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems