Lucene search

Veracode Vulnerability DatabaseVERACODE:22622

HistoryMar 03, 2020 - 4:20 a.m.

Remote Code Execution (RCE)

2020-03-0304:20:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

73.8%

JSON

jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists through the deserialization of a JSON payload that uses the br.com.anteros.dbcp.AnterosDBCPConfig gadget.

CPENameOperatorVersion
data mapper for jacksoneq0.9.8
data mapper for jacksonle0.9.7
data mapper for jacksonle1.9.13
data mapper for jacksonle0.9.9-3
data mapper for jacksonle1.6.9
data mapper for jacksoneq0.9.8
data mapper for jacksonle0.9.7
data mapper for jacksonle1.9.13
data mapper for jacksonle1.6.9
data mapper for jacksonle0.9.9-3

Name	Operator	Version
data mapper for jackson	eq	0.9.8
data mapper for jackson	le	0.9.7
data mapper for jackson	le	1.9.13
data mapper for jackson	le	0.9.9-3
data mapper for jackson	le	1.6.9
data mapper for jackson	eq	0.9.8
data mapper for jackson	le	0.9.7
data mapper for jackson	le	1.9.13
data mapper for jackson	le	1.6.9
data mapper for jackson	le	0.9.9-3

Rows per page:

1-10 of 51641

References

github.com/FasterXML/jackson-databind/commit/9f4e97019fb0dd836533d0b6198c88787e235ae2

github.com/FasterXML/jackson-databind/issues/2634

lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E

lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E

lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

lists.debian.org/debian-lts-announce/2020/03/msg00008.html

medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

security.netapp.com/advisory/ntap-20200904-0006/

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/security-alerts/cpuoct2021.html

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for VERACODE:22622