View all vulnerabilities

CVE-2019-16335

Polymorphic Typing issue in FasterXML jackson-databind

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
9.8
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Versions
com.fasterxml.jackson.core:jackson-databind >= 2.9.0 < 2.9.10; com.fasterxml.jackson.core:jackson-databind >= 2.7.0 < 2.8.11.5; com.fasterxml.jackson.core:jackson-databind < 2.6.7.3
Severity
Ecosystem
Publish Date
September 23, 2019
Modified Date
March 15, 2024