CVE-2019-12384 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.0.4 #166

cxronen · 2022-09-20T19:37:37Z

Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2019-12384
Checkmarx Project: cxronen/BookStore_VSCode
Repository URL: https://github.com/cxronen/BookStore_VSCode
Branch: master
Scan ID: 3aaa12b3-552a-4874-ba98-3d364d7d56f6

FasterXML jackson-databind 2.x up to 2.9.9 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.

Additional Info
Attack vector: NETWORK
Attack complexity: HIGH
Confidentiality impact: HIGH
Availability impact: NONE
Remediation Upgrade Recommendation: 2.3.0.redhat-4

cxronen added SCA project:cxronen/BookStore_VSCode and removed CxSCA labels Sep 18, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2019-12384 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.0.4 #166

CVE-2019-12384 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.0.4 #166

cxronen commented Sep 20, 2022 •

edited

Loading

CVE-2019-12384 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.0.4 #166

CVE-2019-12384 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.0.4 #166

Comments

cxronen commented Sep 20, 2022 • edited Loading

cxronen commented Sep 20, 2022 •

edited

Loading