SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
History
No history.
Information
Published : 2019-07-29 12:15
Updated : 2024-11-21 04:26
NVD link : CVE-2019-14379
Mitre link : CVE-2019-14379
CVE.ORG link : CVE-2019-14379
JSON object : View
Products Affected
oracle
- primavera_unifier
- communications_instant_messaging_server
- jd_edwards_enterpriseone_tools
- retail_xstore_point_of_service
- primavera_gateway
- banking_platform
- financial_services_analytical_applications_infrastructure
- retail_customer_management_and_segmentation_foundation
- siebel_ui_framework
- communications_diameter_signaling_router
- jd_edwards_enterpriseone_orchestrator
- goldengate_stream_analytics
- siebel_engineering_-_installer_\&_deployment
apple
- xcode
redhat
- enterprise_linux
- jboss_enterprise_application_platform
- openshift_container_platform
- single_sign-on
netapp
- service_level_manager
- oncommand_workflow_automation
- active_iq_unified_manager
- snapcenter
debian
- debian_linux
fedoraproject
- fedora
fasterxml
- jackson-databind
CWE
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')