2019-07-29 14:15:16 2020-08-31 16:15:00

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Advisory Patch Confirmed Link
https://security.netapp.com/advisory/ntap-20190814-0001/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpu...
https://lists.fedoraproject.org/archives/list/package-an...
https://lists.fedoraproject.org/archives/list/package-an...
https://lists.fedoraproject.org/archives/list/package-an...
https://lists.debian.org/debian-lts-announce/2019/08/msg...
https://lists.apache.org/thread.html/ee0a051428d2c719acf...
https://lists.apache.org/thread.html/f17f63b0f8a57e4a575...
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1...
https://lists.apache.org/thread.html/r1b103833cb5bc8466e...
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf9...
https://lists.apache.org/thread.html/d161ff3d59c5a821340...
https://lists.apache.org/thread.html/e25e734c315f70d8876...
https://lists.apache.org/thread.html/87e46591de8925f7196...
https://lists.apache.org/thread.html/940b4c3fef002461b89...
https://lists.apache.org/thread.html/99944f86abefde389da...
https://lists.apache.org/thread.html/b0656d359c7d40ec9f3...
https://lists.apache.org/thread.html/8723b52c2544e6cb804...
https://lists.apache.org/thread.html/75f482fdc84abe6d0c8...
https://lists.apache.org/thread.html/859815b2e9f1575acbb...
https://lists.apache.org/thread.html/6788e4c991f75b89d29...
https://lists.apache.org/thread.html/689c6bcc6c7612eee71...
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e...
https://lists.apache.org/thread.html/5ecc333113b139429f4...
https://lists.apache.org/thread.html/56c8042873595b8c863...
https://lists.apache.org/thread.html/525bcf949a4b0da87a3...
https://lists.apache.org/thread.html/519eb0fd45642dcecd9...
https://lists.apache.org/thread.html/34717424b4d08b74f65...
https://lists.apache.org/thread.html/2d2a76440becb610b9a...
https://lists.apache.org/thread.html/2766188be238a446a25...
https://lists.apache.org/thread.html/0fcef7321095ce0bc59...
https://access.redhat.com/errata/RHSA-2019:3901
https://access.redhat.com/errata/RHSA-2020:0727
https://github.com/FasterXML/jackson-databind/compare/ja...
https://github.com/FasterXML/jackson-databind/issues/238...
https://lists.apache.org/thread.html/0d4b630d9ee724aee50...
https://access.redhat.com/errata/RHSA-2019:3297
https://access.redhat.com/errata/RHSA-2019:3292
https://access.redhat.com/errata/RHSA-2019:3200
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3050
https://access.redhat.com/errata/RHSA-2019:3046
https://access.redhat.com/errata/RHSA-2019:3045
https://access.redhat.com/errata/RHSA-2019:2937
https://access.redhat.com/errata/RHSA-2019:2938
https://access.redhat.com/errata/RHSA-2019:2998
https://access.redhat.com/errata/RHSA-2019:3044
https://access.redhat.com/errata/RHSA-2019:2936
https://access.redhat.com/errata/RHSA-2019:2935
https://access.redhat.com/errata/RHBA-2019:2824
https://access.redhat.com/errata/RHSA-2019:2743
https://access.redhat.com/errata/RHSA-2019:2858