cve-2019-12814
Vulnerability from cvelistv5
Published
2019-06-19 13:24
Modified
2024-08-04 23:32
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
References
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2858Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2935Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2936Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2937Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2938Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3044Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3045Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3046Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3050Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3149Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3200Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3292Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3297Third Party Advisory
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2341Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/06/msg00019.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190625-0006/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:32:55.182Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
          },
          {
            "name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-99ff6aa32c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
          },
          {
            "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-ae6a703b8f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
          },
          {
            "name": "FEDORA-2019-fb23eccc03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:2937",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2937"
          },
          {
            "name": "RHSA-2019:2935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2935"
          },
          {
            "name": "RHSA-2019:2936",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2936"
          },
          {
            "name": "RHSA-2019:2938",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2938"
          },
          {
            "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3044",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3044"
          },
          {
            "name": "RHSA-2019:3045",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3045"
          },
          {
            "name": "RHSA-2019:3050",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3050"
          },
          {
            "name": "RHSA-2019:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3046"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3200"
          },
          {
            "name": "RHSA-2019:3292",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3292"
          },
          {
            "name": "RHSA-2019:3297",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3297"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2341"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:57",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
        },
        {
          "name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-99ff6aa32c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
        },
        {
          "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-ae6a703b8f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
        },
        {
          "name": "FEDORA-2019-fb23eccc03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:2937",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2937"
        },
        {
          "name": "RHSA-2019:2935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2935"
        },
        {
          "name": "RHSA-2019:2936",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2936"
        },
        {
          "name": "RHSA-2019:2938",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2938"
        },
        {
          "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3044",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3044"
        },
        {
          "name": "RHSA-2019:3045",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3045"
        },
        {
          "name": "RHSA-2019:3050",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3050"
        },
        {
          "name": "RHSA-2019:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3046"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3200"
        },
        {
          "name": "RHSA-2019:3292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3292"
        },
        {
          "name": "RHSA-2019:3297",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3297"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2341"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12814",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
            },
            {
              "name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-99ff6aa32c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
            },
            {
              "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-ae6a703b8f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
            },
            {
              "name": "FEDORA-2019-fb23eccc03",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:2937",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2937"
            },
            {
              "name": "RHSA-2019:2935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2935"
            },
            {
              "name": "RHSA-2019:2936",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2936"
            },
            {
              "name": "RHSA-2019:2938",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2938"
            },
            {
              "name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3044",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3044"
            },
            {
              "name": "RHSA-2019:3045",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3045"
            },
            {
              "name": "RHSA-2019:3050",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3050"
            },
            {
              "name": "RHSA-2019:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3046"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3200",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3200"
            },
            {
              "name": "RHSA-2019:3292",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3292"
            },
            {
              "name": "RHSA-2019:3297",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3297"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2341",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2341"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190625-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12814",
    "datePublished": "2019-06-19T13:24:44",
    "dateReserved": "2019-06-13T00:00:00",
    "dateUpdated": "2024-08-04T23:32:55.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-12814\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-19T14:15:10.897\",\"lastModified\":\"2023-11-07T03:03:41.477\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema de tipificaci\u00f3n polim\u00f3rfica en FasterXML jackson-databind 2.x hasta la 2.9.9. Cuando la escritura predeterminada est\u00e1 habilitada (ya sea globalmente o para una propiedad espec\u00edfica) para un dispositivo remoto JSON expuesto externamente y el servicio cuenta con el JDOM 1.x or 2.x jar en el classpath, un atacante puede enviar un mensaje JSON espec\u00edficamente dise\u00f1ado que les permite leer archivos locales arbitrarios en el servidor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.6.7.3\",\"matchCriteriaId\":\"7036DA13-110D-40B3-8494-E361BBF4AFCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.9.6\",\"matchCriteriaId\":\"89660FC3-9198-414C-B89D-C61A4438BA3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8.0\",\"versionEndExcluding\":\"2.8.11.4\",\"matchCriteriaId\":\"5DB8A2D4-0FDE-4216-896B-52824106B97B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.9.2\",\"matchCriteriaId\":\"04641592-DAF4-47BB-A9DE-FC4C84A20401\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2858\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2935\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2936\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2937\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2938\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3044\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3045\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3046\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3050\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3149\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3200\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3292\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3297\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2341\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190625-0006/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.