logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2019-12384

Description

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.


Affected Package


OS OS Version Package Name Package Version
Debian 12 jackson-databind 2.13.2.2-1
Debian 11 jackson-databind 2.12.1-1
Debian 10 jackson-databind 2.9.8-3+deb10u3
Debian 999 jackson-databind 2.13.2.2-1

Related