SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
History
No history.
Information
Published : 2019-07-29 12:15
Updated : 2024-11-21 04:26
NVD link : CVE-2019-14379
Mitre link : CVE-2019-14379
CVE.ORG link : CVE-2019-14379
JSON object : View
Products Affected
netapp
- snapcenter
- service_level_manager
- active_iq_unified_manager
- oncommand_workflow_automation
oracle
- banking_platform
- retail_customer_management_and_segmentation_foundation
- primavera_gateway
- primavera_unifier
- siebel_ui_framework
- financial_services_analytical_applications_infrastructure
- goldengate_stream_analytics
- jd_edwards_enterpriseone_tools
- siebel_engineering_-_installer_\&_deployment
- retail_xstore_point_of_service
- communications_instant_messaging_server
- jd_edwards_enterpriseone_orchestrator
- communications_diameter_signaling_router
redhat
- single_sign-on
- openshift_container_platform
- jboss_enterprise_application_platform
- enterprise_linux
apple
- xcode
fedoraproject
- fedora
fasterxml
- jackson-databind
debian
- debian_linux
CWE
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')