正文

Fasterxml Jackson 代码问题漏洞

admin
admin V管理员 /0 评论 /10 阅读
0223
此篇文章发布距今已超过1233天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Fasterxml Jackson 代码问题漏洞

  • CNNVD编号:CNNVD-201911-1110
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2019-10172
  • 漏洞类型: 代码问题
  • 发布时间: 2019-11-18
  • 威胁类型: 远程
  • 更新时间: 2021-10-08
  • 厂        商:
  • 漏洞来源: Red Hat

漏洞简介

Fasterxml Jackson是美国FasterXML(Fasterxml)公司的一款适用于Java的数据处理工具。

jackson mapper-asl 1.9.x版本中存在代码问题漏洞。远程攻击者可借助特制数据利用该漏洞获取敏感信息。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:

https://mvnrepository.com/artifact/org.codehaus.jackson

参考网址

来源:MLIST

链接:https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r48a32f2dd6976d33f7a12b7e09ec7ea1895f8facba82b565587c28ac@%3Ccommon-issues.hadoop.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r1f07e61b3ebabd3e5b4aa97bf1b26d98b793fdfa29a23dac60633f55@%3Ccommon-issues.hadoop.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r33d25a342af84102903cd9dec8338a5bcba3ecfce10505bdfe793b92@%3Ccommon-issues.hadoop.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r0fbf2c60967bc9f73d7f5a62ad3b955789f9a14b950f42e99fca9b4e@%3Cissues.hive.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/re07c51a8026c11e6e5513bfdc66d52d1c1027053e480fb8073356257@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/re646dcc2739d92117bf9a76a33c600ed3b65e8b4e9b6f441e366b72b@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r21ac3570ce865b8f1e5d26e492aeb714a6aaa53a0c9a6f72ef181556@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r1cc8bce2cf3dfce08a64c4fa20bf38d33b56ad995cee2e382f522f83@%3Ccommon-issues.hadoop.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r385c35a7c6f4acaacf37fe22922bb8e2aed9d322d0fa6dc1d45acddb@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r5f16a1bd31a7e94ca78eda686179930781aa3a4a990cd55986703581@%3Cdev.hive.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/rb8c09b14fd57d855dc21e0a037dc29258c2cbe9c1966bfff453a02e4@%3Ccommon-issues.hadoop.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r0d8c3e32a0a2d8a0b6118f5b3487d363afdda80c996d7b930097383d@%3Ccommon-issues.hadoop.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r4176155240cdc36aad7869932d9c29551742c7fa630f209fb4a8e649@%3Ccommon-issues.hadoop.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r04ecadefb27cda84b699130b11b96427f1d8a7a4066d8292f7f15ed8@%3Ccommon-issues.hadoop.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/rd3a34d663e2a25b9ab1e8a1a94712cd5f100f098578aec79af48161e@%3Ccommon-dev.hadoop.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r08e1b73fabd986dcd2ddd7d09480504d1472264bed2f19b1d2002a9c@%3Ccommon-issues.hadoop.apache.org%3E

来源:bugzilla.redhat.com

链接:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10172

来源:MLIST

链接:https://lists.apache.org/thread.html/rb036bf32e4dacc49335e3bdc1be8e53d6f54df692ac8e2251a6884bd@%3Ccommon-issues.hadoop.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r500867b74f42230a3d65b8aec31fc93ac390eeae737c91a759ab94cb@%3Cissues.hive.apache.org%3E

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html

来源:MLIST

链接:https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/rd27730cfc3066dfcf15927c8e800603728d5dedf17eee1f8c6e3507c@%3Ccommon-issues.hadoop.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r4bbfa1439d7a4e1712e260bfc3d90f7cf997abfd641cccde6432d4ab@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r356592d9874ab4bc9da4754592f8aa6edc894c95e17e58484bc2af7a@%3Cissues.hive.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r634468eb3218ab02713128ff6f4818c618622b2b3de4d958138dde49@%3Ccommits.cassandra.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r1edabcfacdad42d3c830464e9cf07a9a489059a7b7a8642cf055542d@%3Cissues.hive.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r6dea2a887f5eb1d68f124d64b14cd1a04f682f06de8cd01b7e4214e0@%3Cissues.hive.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/rce00a1c60f7df4b10e72fa87827c102f55b074bb91993631df2c21f9@%3Cdev.hive.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/r43c6f75d203b8afc4fbd6c3200db0384a18a11c59d085b1a9bb0ccfe@%3Cuser.hadoop.apache.org%3E

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html

来源:www.debian.org

链接:https://www.debian.org/lts/security/2020/dla-2091

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/158636/Red-Hat-Security-Advisory-2020-3192-01.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1427/

来源:www.ibm.com

链接:https://www.ibm.com/support/pages/node/6495953

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2992/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159015/Red-Hat-Security-Advisory-2020-3585-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2895/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2588/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.0384/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1662/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2050/

来源:www.nsfocus.net

链接:http://www.nsfocus.net/vulndb/48039

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157642/Red-Hat-Security-Advisory-2020-2058-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/158048/Red-Hat-Security-Advisory-2020-2512-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2042/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/159208/Red-Hat-Security-Advisory-2020-3779-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.0630

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.3190/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157664/Red-Hat-Security-Advisory-2020-2112-01.html

来源:access.redhat.com

链接:https://access.redhat.com/security/cve/cve-2019-10172

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-10172

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/FasterXML-jackson-databind-external-XML-entity-injection-via-jackson-mapper-asl-31485

受影响实体

    暂无


补丁

  • jackson-mapper-asl 代码问题漏洞的修复措施
    <!--
    2019-11-18
    -->