logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2019-12384

Description

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.


Affected Software


CPE Name Name Version
fasterxml:jackson-databind fasterxml jackson-databind 2.7.9.5
fasterxml:jackson-databind fasterxml jackson-databind 2.9.9.1
fasterxml:jackson-databind fasterxml jackson-databind 2.8.11.3
debian:debian_linux debian debian linux 8.0
redhat:enterprise_linux redhat enterprise linux 7.0
redhat:enterprise_linux redhat enterprise linux 7.4
redhat:enterprise_linux redhat enterprise linux 7.6
redhat:enterprise_linux redhat enterprise linux 7.5
redhat:enterprise_linux redhat enterprise linux 7.7

Related