漏洞信息详情
FasterXML jackson-databind 代码问题漏洞
- CNNVD编号:CNNVD-201902-747 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2018-12022
- 漏洞类型: 代码问题
- 发布时间: 2019-02-19
- 威胁类型: 远程
- 更新时间: 2021-04-19
- 厂 商:
- 漏洞来源: Red Hat,Tatu Salor...
-
漏洞简介
FasterXML Jackson是美国FasterXML公司的一款适用于Java的数据处理工具。jackson-databind是其中的一个具有数据绑定功能的组件。
FasterXML jackson-databind 2.7.9.4之前版本、2.8.11.2之前版本和2.9.6之前版本中存在安全漏洞。远程攻击者可利用该漏洞执行执行代码。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
参考网址
来源:CONFIRM
链接:https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a
来源:REDHAT
链接:https://access.redhat.com/errata/RHBA-2019:0959
来源:CONFIRM
链接:https://github.com/FasterXML/jackson-databind/issues/2052
来源:N/A
链接:https://www.oracle.com/security-alerts/cpuapr2020.html
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:1106
来源:MLIST
链接:https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E
来源:MISC
链接:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:2858
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:3149
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2018-12022
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1671097
来源:lists.fedoraproject.org
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/
来源:www.blackhat.com
链接:https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:0877
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:1108
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:1823
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:1107
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:1822
来源:MISC
链接:https://www.oracle.com/security-alerts/cpuoct2020.html
来源:CONFIRM
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1671098
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:0782
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:3892
来源:medium.com
链接:https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
来源:MLIST
链接:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
来源:MISC
链接:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
来源:BUGTRAQ
链接:https://seclists.org/bugtraq/2019/May/68
来源:BID
链接:https://www.securityfocus.com/bid/107585
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:1797
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:2804
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20190530-0003/
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:3002
来源:MLIST
链接:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:4037
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:1140
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:1782
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2019:3140
来源:DEBIAN
链接:https://www.debian.org/security/2019/dsa-4452
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:3892
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:4037
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:0877
来源:access.redhat.com
链接:https://access.redhat.com/errata/RHSA-2019:0782
来源:lists.debian.org
链接:https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/152558/Red-Hat-Security-Advisory-2019-0782-01.html
来源:www.nsfocus.net
链接:http://www.nsfocus.net/vulndb/48748
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/152620/Red-Hat-Security-Advisory-2019-0877-01.html
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2018-12022
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/jackson-databind-code-execution-via-Jodd-db-Deserialization-28543
来源:www.securityfocus.com
链接:https://www.securityfocus.com/bid/107585
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/76470
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/79390
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4532/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.4254/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.4332/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155516/Red-Hat-Security-Advisory-2019-4037-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/79650
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/155352/Red-Hat-Security-Advisory-2019-3892-01.html
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerabilities-3/
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-third-party-vulnerable-library-jackson-databind-affects-ibm-engineering-lifecycle-optimization-publishing/
受影响实体
暂无
补丁
- FasterXML jackson-databind 安全漏洞的修复措施<!--2019-2-19-->
还没有评论,来说两句吧...