A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 03:04
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-07-30 11:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-14439
Mitre link : CVE-2019-14439
CVE.ORG link : CVE-2019-14439
JSON object : View
Products Affected
oracle
- siebel_ui_framework
- communications_diameter_signaling_router
- financial_services_analytical_applications_infrastructure
- retail_xstore_point_of_service
- global_lifecycle_management_opatch
- goldengate_stream_analytics
- primavera_gateway
- siebel_engineering_-_installer_\&_deployment
- jd_edwards_enterpriseone_orchestrator
- communications_instant_messaging_server
- banking_platform
- retail_customer_management_and_segmentation_foundation
- jd_edwards_enterpriseone_tools
redhat
- jboss_middleware_text-only_advisories
debian
- debian_linux
apache
- drill
fasterxml
- jackson-databind
fedoraproject
- fedora
CWE
CWE-502
Deserialization of Untrusted Data