{"containers":{"cna":{"affected":[{"product":"jackson-databind","vendor":"Red Hat","versions":[{"status":"affected","version":"Versions before 2.9.10"},{"status":"affected","version":"Versions before 2.8.11.5"},{"status":"affected","version":"Versions before 2.6.7.3"}]}],"descriptions":[{"lang":"en","value":"A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-502","description":"CWE-502","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-200","description":"CWE-200","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-09-04T11:06:13.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892"},{"tags":["x_refsource_MISC"],"url":"https://github.com/FasterXML/jackson-databind/issues/2462"},{"name":"RHSA-2020:0729","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2020:0729"},{"name":"[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"},{"name":"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20200904-0005/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2019-14892","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"jackson-databind","version":{"version_data":[{"version_value":"Versions before 2.9.10"},{"version_value":"Versions before 2.8.11.5"},{"version_value":"Versions before 2.6.7.3"}]}}]},"vendor_name":"Red Hat"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code."}]},"impact":{"cvss":[[{"vectorString":"7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.0"}]]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-502"}]},{"description":[{"lang":"eng","value":"CWE-200"}]}]},"references":{"reference_data":[{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892"},{"name":"https://github.com/FasterXML/jackson-databind/issues/2462","refsource":"MISC","url":"https://github.com/FasterXML/jackson-databind/issues/2462"},{"name":"RHSA-2020:0729","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2020:0729"},{"name":"[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"},{"name":"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"},{"name":"https://security.netapp.com/advisory/ntap-20200904-0005/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20200904-0005/"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T00:26:39.136Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/FasterXML/jackson-databind/issues/2462"},{"name":"RHSA-2020:0729","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2020:0729"},{"name":"[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"},{"name":"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20200904-0005/"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2019-14892","datePublished":"2020-03-02T16:28:40.000Z","dateReserved":"2019-08-10T00:00:00.000Z","dateUpdated":"2024-08-05T00:26:39.136Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}