Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-12022

Опубликовано: 21 мар. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5.1
CVSS3: 7.5

Описание

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

РелизСтатусПримечание
bionic

not-affected

2.9.8-1~18.04
cosmic

not-affected

2.9.8-1~18.04
devel

not-affected

2.9.8-1
disco

not-affected

2.9.8-1
esm-apps/bionic

not-affected

2.9.8-1~18.04
esm-apps/focal

not-affected

2.9.8-1
esm-apps/jammy

not-affected

2.9.8-1
esm-apps/noble

not-affected

2.9.8-1
esm-apps/xenial

released

2.4.2-3ubuntu0.1~esm2
esm-infra-legacy/trusty

needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 86%
0.03035
Низкий

5.1 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-12022

CVSS3: 7.3
redhat
больше 7 лет назад

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

nvd логотип

CVE-2018-12022

CVSS3: 7.5
nvd
почти 7 лет назад

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

debian логотип

CVE-2018-12022

CVSS3: 7.5
debian
почти 7 лет назад

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4 ...

github логотип

GHSA-cjjf-94ff-43w7

CVSS3: 7.5
github
почти 7 лет назад

jackson-databind Deserialization of Untrusted Data vulnerability

fstec логотип

BDU:2019-01766

CVSS3: 8.1
fstec
больше 7 лет назад

Уязвимость библиотеки jackson-databind, связанная с восстановлением в памяти недостоверной структуры данных, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 86%
0.03035
Низкий

5.1 Medium

CVSS2

7.5 High

CVSS3