Seal Security

CVE-2018-19362

com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

9.8

Score Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Versions

com.fasterxml.jackson.core:jackson-databind >= 2.9.0 < 2.9.8; com.fasterxml.jackson.core:jackson-databind >= 2.8.0 < 2.8.11.3; com.fasterxml.jackson.core:jackson-databind >= 2.7.0 < 2.7.9.5; com.fasterxml.jackson.core:jackson-databind >= 2.0.0 < 2.6.7.3

Severity

Ecosystem

Publish Date

January 4, 2019

Modified Date

March 14, 2024