CVE-2019-14379
CVE-2019-14379 affects FasterXML jackson-databind prior to 2.9.9.2, where default typing is mishandled when ehcache is present (via net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. The affected component is jackson-databind’s data-binding implementatio...
CVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup, leading to remote code execution...
PT-2019-3766 · Jackson +4 · Jackson-Databind +4
Name of the Vulnerable Software and Affected Versions: jackson-databind versions 2.7.0 through 2.7.9.5; jackson-databind versions 2.8.0 through 2.8.11.3; jackson-databind versions 2.9.0 through 2.9.9.1. Description: The issue is related to the mishandling of default typing in the SubTypeValidator.ja...
Internet Bug Bounty: Industry-Wide MITM Vulnerability Impacting the JVM Ecosystem
I've been exploring the industry-wide scope of the use of HTTP to resolve dependencies in build infrastructure across the industry. What I unearthed was that some of the most popular libraries and two compilers were impacted by this vulnerability. Vulnerability CWE-829: Inclusion of Functionality...