Lucene search
Veracode Vulnerability DatabaseVERACODE:22002HistoryNov 21, 2019 - 2:29 a.m.
Remote Code Execution
2019-11-2102:29:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
EPSS
0.004
Percentile
73.4%
jackson-databind is vulnerable to remote code execution. The application does not block the commons-configuration and commons-configuration2 classes during deserialization, which would allow a remote attacker to leverage the vulnerability to execute arbitrary code.
References
access.redhat.com/errata/RHSA-2020:0729
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892
bugzilla.suse.com/show_bug.cgi?id=1157185
github.com/FasterXML/jackson-databind/issues/2462
lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
security.netapp.com/advisory/ntap-20200904-0005/
Related
prion
prion
Deserialization of untrusted data
2020-03-02 17:15:00
nvd
nvd
CVE-2019-14892
2020-03-02 17:15:17
cve
cve
CVE-2019-14892
2020-03-02 17:15:17
osv
osv
CVE-2019-14892
2020-03-02 17:15:17
Polymorphic deserialization of malicious object in jackson-databind
2020-05-15 18:58:58
ubuntucve
ubuntucve
CVE-2019-14892
2020-03-02 00:00:00
redhatcve
redhatcve
CVE-2019-14892
2020-04-07 17:14:53
debiancve
debiancve
CVE-2019-14892
2020-03-02 17:15:17
cvelist
cvelist
CVE-2019-14892
2020-03-02 16:28:40
github
github
Polymorphic deserialization of malicious object in jackson-databind
2020-05-15 18:58:58
ibm
ibm
redhat
redhat
(RHSA-2020:0729) Important: Red Hat Data Grid 7.3.5 security update
2020-03-05 13:05:49
(RHSA-2020:0895) Moderate: Red Hat Process Automation Manager 7.7.0 Security Update
2020-03-18 14:45:02
(RHSA-2020:0899) Important: Red Hat Decision Manager 7.7.0 Security Update
2020-03-18 17:30:04
nessus
nessus
RHEL 8 : opendaylight (Unpatched Vulnerability)
2024-06-03 00:00:00
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00