Lucene search

Information exposure in FasterXML jackson-databind

🗓️ 23 May 2019 09:24:32Reported by GitHub Advisory DatabaseType

github🔗 github.com👁 114 Views

Polymorphic Typing issue in FasterXML jackson-databind 2.x before 2.9.

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 140
Cvelist	CVE-2019-12086	17 May 201916:57	–	cvelist
Cvelist	CVE-2019-10202	1 Oct 201914:22	–	cvelist
IBM Security Bulletins	Security Bulletin: IBM Event Streams is affected by jackson-databind vulnerability CVE-2019-12086	9 Jul 201914:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability affects IBM Cloud Object Storage SDK Java (June 2019)	12 Jun 201923:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in bundled libraries of IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2019-12086, CVE-2019-0201)	30 Aug 201903:49	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in FasterXML Jackson libraries affect IBM Cúram Social Program Management (CVE-2019-14439, CVE-2019-14379, CVE-2019-12814, CVE-2019-12086)	1 Oct 201916:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jackson databind	18 May 202022:54	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Open Source used in IBM Cloud Pak System	7 Jul 202016:58	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis	16 Apr 202115:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities	29 May 202015:44	–	ibm

Vulners

Node

com.fasterxml.jackson.core jackson-databindRange2.0.0–2.6.7.3

com.fasterxml.jackson.core jackson-databindRange2.7.0–2.7.9.6

com.fasterxml.jackson.core jackson-databindRange2.8.0–2.8.11.4

com.fasterxml.jackson.core jackson-databindRange2.9.0–2.9.9

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-12086
github	www.github.com/FasterXML/jackson-databind/issues/2326
github	www.github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9
medium	www.medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
access	www.access.redhat.com/errata/RHSA-2019:2858
access	www.access.redhat.com/errata/RHSA-2019:2935
access	www.access.redhat.com/errata/RHSA-2019:2936
access	www.access.redhat.com/errata/RHSA-2019:2937
access	www.access.redhat.com/errata/RHSA-2019:2938
access	www.access.redhat.com/errata/RHSA-2019:2998

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 May 2019 09:32Current

1.2Low risk

Vulners AI Score1.2

CVSS25

CVSS37.5

EPSS0.15745

CWE-502