logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2019-12384

Description

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible. #### Bugs * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930750>


Affected Package


OS OS Version Package Name Package Version
ubuntu 19.10 jackson-databind 2.9.8-3
ubuntu 20.04 jackson-databind 2.9.8-3
ubuntu 20.10 jackson-databind 2.9.8-3
ubuntu 21.04 jackson-databind 2.9.8-3
ubuntu 21.10 jackson-databind 2.9.8-3
ubuntu 22.04 jackson-databind 2.9.8-3
ubuntu upstream jackson-databind 2.9.8-3
ubuntu 14.04 jackson-databind any
ubuntu upstream jackson-databind any
ubuntu 16.04 jackson-databind 2.4.2-3ubuntu0.1~esm2

Related