
Various CVEs: UAA consumes vulnerable versions of FasterXML jackson-databind | Cloud Foundry


## Severity

Critical

## Vendor

Cloud Foundry Foundation

## Description

Cloud Foundry UAA, versions prior to 74.7.0, contain a dependency on a vulnerable version of FasterXML jackson-databind. These issues have the CVEs CVE-2019-17531, CVE-2019-14379, CVE-2019-16942, CVE-2019-14540, CVE-2019-17267, CVE-2019-16335, and CVE-2019-16943.

## Affected Cloud Foundry Products and Versions

* CF Deployment
  * All versions prior to v12.7.0
* UAA
  * All versions prior to v74.7.0

## Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

* CF Deployment
  * Upgrade all versions to v12.6.0 or greater
* UAA
  * Upgrade all versions to v74.6.0 or greater

## History

2019-11-06: Initial vulnerability report published.

