Lucene search

Veracode Vulnerability DatabaseVERACODE:6822

HistoryJun 19, 2018 - 9:04 a.m.

Remote Code Execution (RCE)

2018-06-1909:04:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.007

Percentile

81.1%

JSON

jackson-databind is vulnerable to remote code execution (RCE) attacks. The vulnerability exists because it does not prevent the deserialization of certain gadget types from the JDBC driver which could be used to perform remote code execution attacks through deserialization.

References

www.securityfocus.com/bid/105659

access.redhat.com/errata/RHBA-2019:0959

access.redhat.com/errata/RHSA-2019:0782

access.redhat.com/errata/RHSA-2019:0877

access.redhat.com/errata/RHSA-2019:1106

access.redhat.com/errata/RHSA-2019:1107

access.redhat.com/errata/RHSA-2019:1108

access.redhat.com/errata/RHSA-2019:1140

access.redhat.com/errata/RHSA-2019:1782

access.redhat.com/errata/RHSA-2019:1797

access.redhat.com/errata/RHSA-2019:1822

access.redhat.com/errata/RHSA-2019:1823

access.redhat.com/errata/RHSA-2019:2804

access.redhat.com/errata/RHSA-2019:2858

access.redhat.com/errata/RHSA-2019:3002

access.redhat.com/errata/RHSA-2019:3140

access.redhat.com/errata/RHSA-2019:3149

access.redhat.com/errata/RHSA-2019:3892

access.redhat.com/errata/RHSA-2019:4037

github.com/advisories/GHSA-6wqp-v4v6-c87c

github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a

github.com/FasterXML/jackson-databind/issues/2058

lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E

lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

lists.fedoraproject.org/archives/list/[email protected]/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC/

seclists.org/bugtraq/2019/May/68

security.netapp.com/advisory/ntap-20190530-0003/

www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf

www.debian.org/security/2019/dsa-4452

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

EPSS

0.007

Percentile

81.1%

JSON

Related for VERACODE:6822