CVE-2019-12384

2019-06-2400:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.533

Percentile

97.6%

JSON

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have
a variety of impacts by leveraging failure to block the logback-core class
from polymorphic deserialization. Depending on the classpath content,
remote code execution may be possible.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930750>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchjackson-databind< anyUNKNOWN
ubuntu19.10noarchjackson-databind< 2.9.8-3UNKNOWN
ubuntu20.04noarchjackson-databind< 2.9.8-3UNKNOWN
ubuntu20.10noarchjackson-databind< 2.9.8-3UNKNOWN
ubuntu21.04noarchjackson-databind< 2.9.8-3UNKNOWN
ubuntu21.10noarchjackson-databind< 2.9.8-3UNKNOWN
ubuntu22.04noarchjackson-databind< 2.9.8-3UNKNOWN
ubuntu22.10noarchjackson-databind< 2.9.8-3UNKNOWN
ubuntu23.04noarchjackson-databind< 2.9.8-3UNKNOWN
ubuntu23.10noarchjackson-databind< 2.9.8-3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	jackson-databind	< any	UNKNOWN
ubuntu	19.10	noarch	jackson-databind	< 2.9.8-3	UNKNOWN
ubuntu	20.04	noarch	jackson-databind	< 2.9.8-3	UNKNOWN
ubuntu	20.10	noarch	jackson-databind	< 2.9.8-3	UNKNOWN
ubuntu	21.04	noarch	jackson-databind	< 2.9.8-3	UNKNOWN
ubuntu	21.10	noarch	jackson-databind	< 2.9.8-3	UNKNOWN
ubuntu	22.04	noarch	jackson-databind	< 2.9.8-3	UNKNOWN
ubuntu	22.10	noarch	jackson-databind	< 2.9.8-3	UNKNOWN
ubuntu	23.04	noarch	jackson-databind	< 2.9.8-3	UNKNOWN
ubuntu	23.10	noarch	jackson-databind	< 2.9.8-3	UNKNOWN