Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-16943

Опубликовано: 01 окт. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 9.8

Описание

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

2.10.0-2
disco

ignored

end of life
eoan

ignored

end of life
esm-apps/bionic

needs-triage

esm-apps/focal

not-affected

2.10.0-2
esm-apps/jammy

not-affected

2.10.0-2
esm-apps/noble

not-affected

2.10.0-2
esm-apps/xenial

released

2.4.2-3ubuntu0.1~esm2
esm-infra-legacy/trusty

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 82%
0.01841
Низкий

6.8 Medium

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-16943

CVSS3: 7.5
redhat
больше 5 лет назад

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

nvd логотип

CVE-2019-16943

CVSS3: 9.8
nvd
больше 5 лет назад

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

debian логотип

CVE-2019-16943

CVSS3: 9.8
debian
больше 5 лет назад

A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...

github логотип

GHSA-fmmc-742q-jg75

CVSS3: 9.8
github
больше 5 лет назад

jackson-databind polymorphic typing issue

fstec логотип

BDU:2019-04777

CVSS3: 9.8
fstec
больше 5 лет назад

Уязвимость компонента P6DataSource библиотеки Jackson-databind проекта FasterXML, позволяющая нарушителю получить несанкционированный доступ к информации или вызвать отказ в обслуживании

EPSS

Процентиль: 82%
0.01841
Низкий

6.8 Medium

CVSS2

9.8 Critical

CVSS3