(RHSA-2019:2743) Important: rh-maven35-jackson-databind security update

2019-09-12T15:15:32
ID RHSA-2019:2743
Type redhat
Reporter RedHat
Modified 2019-09-12T16:26:51

Description

The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.

Security Fix(es):

  • jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.