GHSA-x2w5-5m2g-7h5m
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
Package Versions Affected
Automatically patch vulnerabilities without upgrading
CVSS Version
Related Resources
References
https://nvd.nist.gov/vuln/detail/CVE-2018-14720, https://github.com/FasterXML/jackson-databind/issues/2097, https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44, https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E, https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E, https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E, https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E, https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E, https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E, https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html, https://seclists.org/bugtraq/2019/May/68, https://security.netapp.com/advisory/ntap-20190530-0003, https://www.debian.org/security/2019/dsa-4452, https://www.oracle.com/security-alerts/cpuapr2020.html, https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html, https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html, https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html, https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html, https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E, https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E, https://github.com/advisories/GHSA-x2w5-5m2g-7h5m, https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7, https://access.redhat.com/errata/RHSA-2019:4037, https://access.redhat.com/errata/RHSA-2019:3892, https://access.redhat.com/errata/RHSA-2019:3149, https://access.redhat.com/errata/RHSA-2019:2858, https://access.redhat.com/errata/RHSA-2019:1823, https://access.redhat.com/errata/RHSA-2019:1822, https://access.redhat.com/errata/RHSA-2019:1140, https://access.redhat.com/errata/RHSA-2019:1108, https://access.redhat.com/errata/RHSA-2019:1107, https://access.redhat.com/errata/RHSA-2019:1106, https://access.redhat.com/errata/RHSA-2019:0782, https://access.redhat.com/errata/RHBA-2019:0959
Basic Information
