jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the mysql gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS...

jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

A flaw was discovered in FasterXML jackson-databind in versions prior to 2.9.9. The vulnerability would permit polymorphic deserialization of malicious objects using the logback-core gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when...

jackson-databind: default typing mishandling leading to remote code execution

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

Security Bulletin: Vulnerability in Jackson-Databind Affects IBM Global High Availability Mailbox (CVE-2019-12814)

Summary Vulnerability CVE-2019-12814 in jackson-databind affects IBM Global High Availability Mailbox Vulnerability Details CVEID:CVE-2019-12814 DESCRIPTION: FasterXML jackson-databind could enable a remote attacker to obtain sensitive information, where the vulnerability is caused by a polymorph...

Remote Code Execution

FasterXML jackson-databind is vulnerable to deserialization of untrusted data. There is a polymorphic typing issue because there are more than one association gadget types related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

DEBIAN-CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

UBUNTU-CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

Design/Logic Flaw

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

CVE-2019-17267

Summary (CVE-2019-17267): A polymorphic typing deserialization issue in FasterXML Jackson Databind (versions prior to 2.9.10) related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. IBM/X-Force details show a base score of 7.3 (CVSSv3) with high impact on confidentiality, integrit...

CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup...

[SECURITY] [DLA 1943-1] jackson-databind security update

Package : jackson-databind Version : 2.4.2-2+deb8u9 CVE ID : CVE-2019-14540 CVE-2019-16335 CVE-2019-16942 CVE-2019-16943 Debian Bug : 940498 941530 More deserialization flaws were discovered in jackson-databind relating to the classes in com.zaxxer.hikari.HikariConfig,...

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.4 on RHEL 6 Security update (Important) (RHSA-2019:2935)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2935 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.4 serves as a replacement for Red Hat JBoss Enterprise Application Platfor...

CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...

CVE-2019-16943

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in the classpath, and an attacker can find an RMI...

CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the commons-dbcp 1.4 jar in the classpath, and an attacker can find a...

CVE-2019-16943

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in the classpath, and an attacker can find an RMI...