9.8

CVE-2019-14379

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FasterxmlJackson-databind Version >= 2.0.0 < 2.6.7.3
FasterxmlJackson-databind Version >= 2.7.0 < 2.7.9.6
FasterxmlJackson-databind Version >= 2.8.0 < 2.8.11.4
FasterxmlJackson-databind Version >= 2.9.0 < 2.9.9.2
DebianDebian Linux Version8.0
NetappActive Iq Unified Manager SwPlatformlinux Version >= 7.3
NetappActive Iq Unified Manager SwPlatformwindows Version >= 7.3
NetappActive Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5
NetappSnapcenter Version-
FedoraprojectFedora Version29
FedoraprojectFedora Version30
FedoraprojectFedora Version31
RedhatOpenshift Container Platform Version4.1
   RedhatEnterprise Linux Version7.0
RedhatSingle Sign-on Version7.3
   RedhatEnterprise Linux Version7.0
RedhatSingle Sign-on Version7.3
   RedhatEnterprise Linux Version6.0
RedhatSingle Sign-on Version7.3
   RedhatEnterprise Linux Version8.0
OracleBanking Platform Version2.4.0
OracleBanking Platform Version2.4.1
OracleBanking Platform Version2.5.0
OracleBanking Platform Version2.6.0
OracleBanking Platform Version2.6.1
OracleBanking Platform Version2.7.0
OracleBanking Platform Version2.7.1
OracleGoldengate Stream Analytics Version < 19.1.0.0.1
OraclePrimavera Gateway Version15.2
OraclePrimavera Gateway Version16.2
OraclePrimavera Gateway Version17.12
OraclePrimavera Gateway Version18.8.0
OraclePrimavera Unifier Version >= 17.7 <= 17.12
OraclePrimavera Unifier Version16.1
OraclePrimavera Unifier Version16.2
OraclePrimavera Unifier Version18.8
OracleSiebel Ui Framework Version <= 19.10
AppleXCode Version < 13.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.05% 0.94
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

https://www.oracle.com/security-alerts/cpujan2020.html
Third Party Advisory
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://www.oracle.com/security-alerts/cpuapr2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Patch
Third Party Advisory
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
https://access.redhat.com/errata/RHSA-2019:2858
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3149
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0727
Third Party Advisory
https://access.redhat.com/errata/RHBA-2019:2824
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2998
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2935
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2936
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2937
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2938
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3044
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3045
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3046
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3050
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3200
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/
https://access.redhat.com/errata/RHSA-2019:3292
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3297
Third Party Advisory
https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E
https://access.redhat.com/errata/RHSA-2019:3901
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Mar/23
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2019:2743
Third Party Advisory
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2
Patch
Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/2387
Patch
Third Party Advisory
Issue Tracking
https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E
https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3Ccommits.ambari.apache.org%3E
https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3Ccommits.ambari.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20190814-0001/
Third Party Advisory
https://support.apple.com/kb/HT213189
Third Party Advisory