Home

CVE-2019-14439

Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
10.318

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Jackson-databind 2.6.7.3Windows
Vulnerabilities CVE-2019-14439,CVE-2019-14379 are fixed in Jackson-databind 2.9.9.2Windows
Vulnerabilities CVE-2019-14439,CVE-2019-14379,CVE-2019-12814,CVE-2019-12384,CVE-2019-12086 are fixed in Jackson-databind 2.7.9.6Windows
Vulnerabilities CVE-2019-14439,CVE-2019-14379,CVE-2019-12814,CVE-2019-12384,CVE-2019-12086 are fixed in Jackson-databind 2.8.11.4Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.0Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.6Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.2Windows
Multiple vulnerabilities are fixed in Jackson-databind for Linux 2.6.7.3Linux
Vulnerabilities CVE-2019-14439,CVE-2019-14379 are fixed in Jackson-databind for Linux 2.9.9.2Linux
Vulnerabilities CVE-2019-14439,CVE-2019-14379,CVE-2019-12814,CVE-2019-12384,CVE-2019-12086 are fixed in Jackson-databind for Linux 2.7.9.6Linux
Vulnerabilities CVE-2019-14439,CVE-2019-14379,CVE-2019-12814,CVE-2019-12384,CVE-2019-12086 are fixed in Jackson-databind for Linux 2.8.11.4Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234