CVE-2019-16335

Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Reserved 2019-09-15 | Published 2019-09-15 | Updated 2024-08-05 | Assigner mitre

References

lists.apache.org/...4d20e1c69@ ([tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues) mailing-list

lists.apache.org/...28db597cbf27e1@ ([hbase-issues] 20190925 [GitHub] [hbase] SteNicholas opened a new pull request #660: HBASE-23075 Upgrade jackson version) mailing-list

lists.apache.org/...5c9c9f046fe016@ ([hbase-issues] 20190926 [GitHub] [hbase-connectors] SteNicholas opened a new pull request #45: HBASE-23075 Upgrade jackson version) mailing-list

lists.apache.org/...140fb757505ca0@ ([hbase-issues] 20190926 [jira] [Updated] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540) mailing-list

lists.apache.org/...a93183825e18b9@ ([hbase-issues] 20190926 [jira] [Commented] (HBASE-23075) Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540) mailing-list

lists.apache.org/...23fa403fb93fb@ ([hbase-commits] 20190927 [hbase-connectors] 02/02: HBASE-23075 Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540) mailing-list

lists.debian.org/debian-lts-announce/2019/10/msg00001.html ([debian-lts-announce] 20191002 [SECURITY] [DLA 1943-1] jackson-databind security update) mailing-list

www.debian.org/security/2019/dsa-4542 (DSA-4542) vendor-advisory

seclists.org/bugtraq/2019/Oct/6 (20191007 [SECURITY] [DSA 4542-1] jackson-databind security update) mailing-list

lists.fedoraproject.org/...TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/ (FEDORA-2019-b171554877) vendor-advisory

lists.apache.org/...a12ee199f5b0c1442@ ([drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities) mailing-list

lists.apache.org/...d82e2f07864b5108f@ ([drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities) mailing-list

lists.apache.org/...869b4d798e13cc@ ([drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities) mailing-list

access.redhat.com/errata/RHSA-2019:3200 (RHSA-2019:3200) vendor-advisory

lists.fedoraproject.org/...Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/ (FEDORA-2019-cf87377f5f) vendor-advisory

lists.apache.org/...1766e76391caa3@ ([nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html) mailing-list

access.redhat.com/errata/RHSA-2020:0164 (RHSA-2020:0164) vendor-advisory

access.redhat.com/errata/RHSA-2020:0159 (RHSA-2020:0159) vendor-advisory

access.redhat.com/errata/RHSA-2020:0160 (RHSA-2020:0160) vendor-advisory

access.redhat.com/errata/RHSA-2020:0161 (RHSA-2020:0161) vendor-advisory

lists.apache.org/...678e6e6ce0c69b@ ([nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html) mailing-list

access.redhat.com/errata/RHSA-2020:0445 (RHSA-2020:0445) vendor-advisory

access.redhat.com/errata/RHSA-2020:0729 (RHSA-2020:0729) vendor-advisory

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/.../security-advisory/cpuoct2019-5072832.html

www.oracle.com/security-alerts/cpujan2020.html

github.com/FasterXML/jackson-databind/issues/2449

security.netapp.com/advisory/ntap-20191004-0002/

lists.apache.org/...e64e840a0@ ([bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image) mailing-list

lists.apache.org/...dbc87f2fd52ff2@ ([geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12) mailing-list

www.oracle.com/security-alerts/cpuoct2020.html

cve.org (CVE-2019-16335)

nvd.nist.gov (CVE-2019-16335)

Download JSON