EUVD-2019-0173

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

FasterXML jackson-databind 2.x prior to 2.9.7 allows remote code execution via polymorphic deserialization

Reporter	Title	Published	Views	Family All 161
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities	6 Oct 202112:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)	1 Feb 202321:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple CVEs affect IBM Integration Designer	1 Feb 202319:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)	12 Jan 202114:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerabilities	1 Oct 201919:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerabilities	26 Apr 201916:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony	19 Jun 201917:05	–	ibm
IBM Security Bulletins	Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages	10 Oct 202222:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products	15 Sep 202305:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Governance is vulnerable to a denial of service caused by multiple vulnerabilities.	13 Apr 202310:31	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "4d45c4aa-02f3-33e6-b023-98de95529e65",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "65a20ea6-1dcb-3226-b7be-f6e45ba9a9fd",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-14719
github	www.github.com/FasterXML/jackson-databind/issues/2097
github	www.github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
github	www.github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7
lists	www.lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
lists	www.lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
lists	www.lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
lists	www.lists.debian.org/debian-lts-announce/2019/03/msg00005.html

07 Oct 2025 00:30Current

8.6High risk

Vulners AI Score8.6

CVSS 3.19.8

CVSS 27.5

EPSS0.03461