CVE-2019-16335

FasterXML/jackson-databind

on github

Published

September 15, 2019

Severity

CVSS v3:

9.8 CRITICAL

CVSS v2:

7.5 HIGH

Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

References

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.8.0 (including)	2.8.11.5	*
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.9.0 (including)	2.9.10	*
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.6.0 (including)	2.6.7.3	*
cpe:2.3:o:fedoraproject:fedora:30:::::::*	n/a	n/a	30
cpe:2.3:o:fedoraproject:fedora:31:::::::*	n/a	n/a	31
cpe:2.3:o:debian:debian_linux:8.0:::::::*	n/a	n/a	8.0
cpe:2.3:o:debian:debian_linux:9.0:::::::*	n/a	n/a	9.0
cpe:2.3:o:debian:debian_linux:10.0:::::::*	n/a	n/a	10.0
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*	n/a	n/a	-
cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*	n/a	n/a	-
cpe:2.3:a:netapp:oncommand_api_services:-:::::::*	n/a	n/a	-
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:::::::*	n/a	n/a	15.0
cpe:2.3:a:oracle:banking_platform:2.4.0:::::::*	n/a	n/a	2.4.0
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*	n/a	n/a	7.1
cpe:2.3:a:oracle:banking_platform:2.4.1:::::::*	n/a	n/a	2.4.1
cpe:2.3:a:oracle:primavera_gateway:16.1:::::::*	n/a	n/a	16.1
cpe:2.3:a:oracle:primavera_gateway:16.2:::::::*	n/a	n/a	16.2
cpe:2.3:a:oracle:primavera_gateway:15.2:::::::*	n/a	n/a	15.2
cpe:2.3:a:oracle:banking_platform:2.5.0:::::::*	n/a	n/a	2.5.0
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*	n/a	n/a	12.2.1.3.0
cpe:2.3:a:oracle:banking_platform:2.6.0:::::::*	n/a	n/a	2.6.0
cpe:2.3:a:oracle:banking_platform:2.6.1:::::::*	n/a	n/a	2.6.1
cpe:2.3:a:oracle:banking_platform:2.7.0:::::::*	n/a	n/a	2.7.0
cpe:2.3:a:oracle:banking_platform:2.7.1:::::::*	n/a	n/a	2.7.1
cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:::::::*	n/a	n/a	18.0
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::	8.0.2 (including)	8.0.8 (including)	*
cpe:2.3:a:oracle:global_lifecycle_management_opatch::::::::	n/a	11.2.0.3.23	*
cpe:2.3:a:oracle:global_lifecycle_management_opatch::::::::	12.2.0.1.0 (including)	12.2.0.1.19	*
cpe:2.3:a:oracle:global_lifecycle_management_opatch::::::::	13.9.4.0.0 (including)	13.9.4.2.1	*
cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:::::::*	n/a	n/a	19.1.0.0.0
cpe:2.3:a:oracle:goldengate_stream_analytics::::::::	n/a	19.1.0.0.1	*
cpe:2.3:a:oracle:primavera_gateway::::::::	17.7 (including)	17.12 (including)	*
cpe:2.3:a:oracle:primavera_gateway:18.8.0:::::::*	n/a	n/a	18.8.0
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:::::::*	n/a	n/a	17.0
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:::::::*	n/a	n/a	16.0
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:::::::*	n/a	n/a	17.0
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:::::::*	n/a	n/a	18.0
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.0.0 (including)	2.6.7.3	*
cpe:2.3:a:fasterxml:jackson-databind::::::::	2.7.0 (including)	2.8.11.5	*

External Links

NVD - CVE-2019-16335