正文

FasterXML jackson-databind 代码问题漏洞

admin
admin V管理员 /0 评论 /26 阅读
0302
此篇文章发布距今已超过1203天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

FasterXML jackson-databind 代码问题漏洞

  • CNNVD编号:CNNVD-202001-906
    • <!--
  • 危害等级: 超危-->
  • 危害等级: 超危
  • CVE编号: CVE-2019-14893
  • 漏洞类型: 代码问题
  • 发布时间: 2020-01-21
  • 威胁类型: 远程
  • 更新时间: 2021-05-31
  • 厂        商:
  • 漏洞来源: Red Hat

漏洞简介

FasterXML jackson-databind是一个基于JAVA可以将XML和JSON等数据格式与JAVA对象进行转换的库。Jackson可以轻松的将Java对象转换成json对象和xml文档,同样也可以将json、xml转换成Java对象。

FasterXML jackson-databind 2.8.11.5之前版本和2.9.0版本及之后版本(2.9.10版本已修复)中存在代码问题漏洞。攻击者可利用该漏洞执行任意代码。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://github.com/FasterXML/jackson-databind/commit/998efd708284778f29d83d7962a9bd935c228317

参考网址

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2020:0729

来源:MISC

链接:https://github.com/FasterXML/jackson-databind/issues/2469

来源:MLIST

链接:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

来源:MLIST

链接:https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

来源:CONFIRM

链接:https://security.netapp.com/advisory/ntap-20200327-0006/

来源:CONFIRM

链接:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893

来源:MISC

链接:https://www.oracle.com/security-alerts/cpujul2020.html

来源:MISC

链接:https://www.oracle.com/security-alerts/cpuoct2020.html

来源:access.redhat.com

链接:https://access.redhat.com/errata/RHSA-2020:0445

来源:access.redhat.com

链接:https://access.redhat.com/errata/RHSA-2020:0164

来源:access.redhat.com

链接:https://access.redhat.com/errata/RHSA-2020:0161

来源:access.redhat.com

链接:https://access.redhat.com/errata/RHSA-2020:0160

来源:access.redhat.com

链接:https://access.redhat.com/errata/RHSA-2020:0159

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/158636/Red-Hat-Security-Advisory-2020-3192-01.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-b2b-api-of-ibm-sterling-b2b-integrator-2/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.0986/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-faster-xml-jackson-databind-affects-ibm-operations-analytics-predictive-insights-cve-2019-144892-cve-2019-144893/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157859/Red-Hat-Security-Advisory-2020-2333-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2588/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/156630/Red-Hat-Security-Advisory-2020-0729-01.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight-cve-2019-14892-cve-2019-14893/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1766/

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/FasterXML-jackson-databind-code-execution-via-Xalan-Serialization-Gadgets-31385

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1882/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157741/Red-Hat-Security-Advisory-2020-2067-01.html

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/156815/Red-Hat-Security-Advisory-2020-0899-01.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-b2b-api-of-ibm-sterling-b2b-integrator-3/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.0832/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/156241/Red-Hat-Security-Advisory-2020-0445-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.0216/

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-jackson-databind-library-shipped-with-ibm-global-mailbox-cve-2019-14892-cve-2019-14893/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.0450/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/156011/Red-Hat-Security-Advisory-2020-0159-01.html

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-14893

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1440/

来源:www.nsfocus.net

链接:http://www.nsfocus.net/vulndb/48653

受影响实体

    暂无


补丁

  • FasterXML Jackson databind 代码问题漏洞的修复措施
    <!--
    2020-1-21
    -->