正文

FasterXML jackson-databind 代码问题漏洞

admin
admin V管理员 /0 评论 /10 阅读
0221
此篇文章发布距今已超过1211天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

FasterXML jackson-databind 代码问题漏洞

  • CNNVD编号:CNNVD-201905-776
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2019-12086
  • 漏洞类型: 代码问题
  • 发布时间: 2019-05-17
  • 威胁类型: 远程
  • 更新时间: 2021-06-15
  • 厂        商:
  • 漏洞来源: Debian,Red Hat

漏洞简介

FasterXML jackson-databind是一个基于JAVA可以将XML和JSON等数据格式与JAVA对象进行转换的库。Jackson可以轻松的将Java对象转换成json对象和xml文档,同样也可以将json、xml转换成Java对象。

FasterXML jackson-databind 2.9.9之前的2.x版本中存在代码问题漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9

参考网址

来源:www.oracle.com

链接:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

来源:www.oracle.com

链接:http://www.oracle.com/index.html

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:2937

来源:MISC

链接:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:2938

来源:N/A

链接:https://www.oracle.com/security-alerts/cpuapr2020.html

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:2858

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:2935

来源:CONFIRM

链接:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:2936

来源:MLIST

链接:https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E

来源:www.oracle.com

链接:https://www.oracle.com/security-alerts/cpujan2020.html

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:3149

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:2998

来源:MISC

链接:https://www.oracle.com/security-alerts/cpuoct2020.html

来源:MISC

链接:http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/

来源:MLIST

链接:https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:3050

来源:MLIST

链接:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

来源:medium.com

链接:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

来源:github.com

链接:https://github.com/FasterXML/jackson-databind/issues/2326

来源:MLIST

链接:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

来源:MISC

链接:https://www.oracle.com/security-alerts/cpuApr2021.html

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/

来源:MLIST

链接:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E

来源:BUGTRAQ

链接:https://seclists.org/bugtraq/2019/May/68

来源:BID

链接:https://www.securityfocus.com/bid/109227

来源:MLIST

链接:https://lists.apache.org/thread.html/88cd25375805950ae7337e669b0cb0eeda98b9604c1b8d806dccbad2@%3Creviews.spark.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E

来源:CONFIRM

链接:https://security.netapp.com/advisory/ntap-20190530-0003/

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:3046

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:3200

来源:MLIST

链接:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:3044

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2019:3045

来源:DEBIAN

链接:https://www.debian.org/security/2019/dsa-4452

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/

来源:MISC

链接:https://www.oracle.com/security-alerts/cpujul2020.html

来源:www.ibm.com

链接:https://www.ibm.com/support/pages/node/1118283

来源:www.ibm.com

链接:https://www.ibm.com/support/pages/node/1086039

来源:lists.debian.org

链接:https://lists.debian.org/debian-lts-announce/2019/05/msg00030.html

来源:www.debian.org

链接:http://www.debian.org/security/2019/dsa-4452

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157215/Red-Hat-Security-Advisory-2020-1454-01.html

来源:www.oracle.com

链接:https://www.oracle.com/security-alerts/cpujul2020.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/158636/Red-Hat-Security-Advisory-2020-3192-01.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.4588/

来源:www.oracle.com

链接:https://www.oracle.com/security-alerts/cpujan2020verbose.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.2270/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2588/

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/jackson-databind-file-reading-29375

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-open-source-used-in-ibm-cloud-pak-system/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/

来源:www.securityfocus.com

链接:https://www.securityfocus.com/bid/109227

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.1827/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/153090/Debian-Security-Advisory-4452-1.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1351/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.1878/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1440/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-2/

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-12086

来源:www.ibm.com

链接:http://www.ibm.com/support/docview.wss?uid=ibm10887529

受影响实体

    暂无


补丁

    暂无