CVE-2019-14379

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used, leading to remote code execution.

Published: 2019-07-29 12:15
Updated: 2019-08-22 10:15

CVSS Score: 7.5 / 10
Vendor Product Version URI
Fasterxml Jackson-databind 2.7.0 cpe:/a:fasterxml:jackson-databind:2.7.0
Fasterxml Jackson-databind 2.7.0 cpe:/a:fasterxml:jackson-databind:2.7.0:-
Fasterxml Jackson-databind 2.7.0 cpe:/a:fasterxml:jackson-databind:2.7.0:rc1
Fasterxml Jackson-databind 2.7.0 cpe:/a:fasterxml:jackson-databind:2.7.0:rc2
Fasterxml Jackson-databind 2.7.0 cpe:/a:fasterxml:jackson-databind:2.7.0:rc3
Fasterxml Jackson-databind 2.7.1 cpe:/a:fasterxml:jackson-databind:2.7.1
Fasterxml Jackson-databind 2.7.1-1 cpe:/a:fasterxml:jackson-databind:2.7.1-1
Fasterxml Jackson-databind 2.7.2 cpe:/a:fasterxml:jackson-databind:2.7.2
Fasterxml Jackson-databind 2.7.3 cpe:/a:fasterxml:jackson-databind:2.7.3
Fasterxml Jackson-databind 2.7.4 cpe:/a:fasterxml:jackson-databind:2.7.4
Fasterxml Jackson-databind 2.7.5 cpe:/a:fasterxml:jackson-databind:2.7.5
Fasterxml Jackson-databind 2.7.6 cpe:/a:fasterxml:jackson-databind:2.7.6
Fasterxml Jackson-databind 2.7.7 cpe:/a:fasterxml:jackson-databind:2.7.7
Fasterxml Jackson-databind 2.7.8 cpe:/a:fasterxml:jackson-databind:2.7.8
Fasterxml Jackson-databind 2.7.9 cpe:/a:fasterxml:jackson-databind:2.7.9
Fasterxml Jackson-databind 2.7.9.1 cpe:/a:fasterxml:jackson-databind:2.7.9.1
Fasterxml Jackson-databind 2.7.9.2 cpe:/a:fasterxml:jackson-databind:2.7.9.2
Fasterxml Jackson-databind 2.7.9.3 cpe:/a:fasterxml:jackson-databind:2.7.9.3
Fasterxml Jackson-databind 2.7.9.4 cpe:/a:fasterxml:jackson-databind:2.7.9.4
Fasterxml Jackson-databind 2.7.9.5 cpe:/a:fasterxml:jackson-databind:2.7.9.5
Fasterxml Jackson-databind 2.8.0 cpe:/a:fasterxml:jackson-databind:2.8.0
Fasterxml Jackson-databind 2.8.1 cpe:/a:fasterxml:jackson-databind:2.8.1
Fasterxml Jackson-databind 2.8.2 cpe:/a:fasterxml:jackson-databind:2.8.2
Fasterxml Jackson-databind 2.8.3 cpe:/a:fasterxml:jackson-databind:2.8.3
Fasterxml Jackson-databind 2.8.4 cpe:/a:fasterxml:jackson-databind:2.8.4
Fasterxml Jackson-databind 2.8.5 cpe:/a:fasterxml:jackson-databind:2.8.5
Fasterxml Jackson-databind 2.8.6 cpe:/a:fasterxml:jackson-databind:2.8.6
Fasterxml Jackson-databind 2.8.7 cpe:/a:fasterxml:jackson-databind:2.8.7
Fasterxml Jackson-databind 2.8.8 cpe:/a:fasterxml:jackson-databind:2.8.8
Fasterxml Jackson-databind 2.8.8.1 cpe:/a:fasterxml:jackson-databind:2.8.8.1
Fasterxml Jackson-databind 2.8.9 cpe:/a:fasterxml:jackson-databind:2.8.9
Fasterxml Jackson-databind 2.8.10 cpe:/a:fasterxml:jackson-databind:2.8.10
Fasterxml Jackson-databind 2.8.11 cpe:/a:fasterxml:jackson-databind:2.8.11
Fasterxml Jackson-databind 2.8.11.1 cpe:/a:fasterxml:jackson-databind:2.8.11.1
Fasterxml Jackson-databind 2.8.11.2 cpe:/a:fasterxml:jackson-databind:2.8.11.2
Fasterxml Jackson-databind 2.8.11.3 cpe:/a:fasterxml:jackson-databind:2.8.11.3
Fasterxml Jackson-databind 2.9.0 cpe:/a:fasterxml:jackson-databind:2.9.0
Fasterxml Jackson-databind 2.9.0 cpe:/a:fasterxml:jackson-databind:2.9.0:-
Fasterxml Jackson-databind 2.9.0 cpe:/a:fasterxml:jackson-databind:2.9.0:prerelease1
Fasterxml Jackson-databind 2.9.0 cpe:/a:fasterxml:jackson-databind:2.9.0:prerelease2
Fasterxml Jackson-databind 2.9.0 cpe:/a:fasterxml:jackson-databind:2.9.0:prerelease3
Fasterxml Jackson-databind 2.9.0 cpe:/a:fasterxml:jackson-databind:2.9.0:prerelease4
Fasterxml Jackson-databind 2.9.1 cpe:/a:fasterxml:jackson-databind:2.9.1
Fasterxml Jackson-databind 2.9.2 cpe:/a:fasterxml:jackson-databind:2.9.2
Fasterxml Jackson-databind 2.9.3 cpe:/a:fasterxml:jackson-databind:2.9.3
Fasterxml Jackson-databind 2.9.4 cpe:/a:fasterxml:jackson-databind:2.9.4
Fasterxml Jackson-databind 2.9.5 cpe:/a:fasterxml:jackson-databind:2.9.5
Fasterxml Jackson-databind 2.9.6 cpe:/a:fasterxml:jackson-databind:2.9.6
Fasterxml Jackson-databind 2.9.7 cpe:/a:fasterxml:jackson-databind:2.9.7
Fasterxml Jackson-databind 2.9.8 cpe:/a:fasterxml:jackson-databind:2.9.8
Fasterxml Jackson-databind 2.9.9 cpe:/a:fasterxml:jackson-databind:2.9.9
Fasterxml Jackson-databind 2.9.9.1 cpe:/a:fasterxml:jackson-databind:2.9.9.1
Netapp Oncommand Workflow Automation - cpe:/a:netapp:oncommand_workflow_automation:-
Netapp Snapcenter - cpe:/a:netapp:snapcenter:-
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0

CWE

ID: CWE-20
Name: Improper Input Validation
Description: The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

History of changes

Date Event
2019-08-22 10:15
2019-08-21 18:08
2019-08-13 00:15
2019-08-06 12:58
2019-07-29 13:29

New CVE