3 matches found
CVE-2019-20330
CVE-2019-20330 affects FasterXML jackson-databind 2.x before 2.9.10.2, which lacks blocking for net.sf.ehcache in deserialization. This is a deserialization-side issue with high–critical impact potential; remediation is to upgrade to jackson-databind 2.9.10.2 or newer as indicated by connected IB...
CVE-2019-17531
CVE-2019-17531 affects FasterXML jackson-databind 2.0.0–2.9.10; when Default Typing is enabled for an externally exposed JSON endpoint and apache-log4j-extra 1.2.x is on the classpath, an attacker capable of providing a JNDI service can trigger remote code execution. Connected documents corrobora...
CVE-2019-16943
CVE-2019-16943 affects FasterXML jackson-databind (versions 2.0.0–2.9.10) via a polymorphic typing flaw that, when Default Typing is enabled for an exposed JSON endpoint and a p6spy P6DataSource is present in the classpath with an accessible RMI endpoint, can lead to remote code execution. The ro...