KDWSS / dd-trace-java

Datadog APM client for Java
https://docs.datadoghq.com/tracing/languages/java
Apache License 2.0
0 stars 0 forks source link

CVE-2019-12814 (Medium) detected in multiple libraries - autoclosed #151

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 2 years ago

CVE-2019-12814 - Medium Severity Vulnerability

Vulnerable Libraries - jackson-databind-2.8.11.3.jar, jackson-databind-2.8.5.jar, jackson-databind-2.7.9.3.jar, jackson-databind-2.7.1.jar, jackson-databind-2.7.5.jar, jackson-databind-2.9.0.jar, jackson-databind-2.8.7.jar, jackson-databind-2.5.3.jar, jackson-databind-2.9.9.jar, jackson-databind-2.7.8.jar, jackson-databind-2.5.4.jar, jackson-databind-2.9.7.jar, jackson-databind-2.3.2.jar, jackson-databind-2.8.11.1.jar, jackson-databind-2.9.1.jar, jackson-databind-2.8.9.jar, jackson-databind-2.7.4.jar, jackson-databind-2.6.4.jar, jackson-databind-2.6.6.jar, jackson-databind-2.7.9.1.jar, jackson-databind-2.9.8.jar, jackson-databind-2.8.3.jar, jackson-databind-2.8.11.2.jar, jackson-databind-2.3.3.jar, jackson-databind-2.8.11.jar, jackson-databind-2.8.4.jar, jackson-databind-2.9.4.jar, jackson-databind-2.6.5.jar

jackson-databind-2.8.11.3.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-smoke-tests/springboot-grpc/springboot-grpc.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.11.3/844df5aba5a1a56e00905b165b12bb34116ee858/jackson-databind-2.8.11.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.11.3/844df5aba5a1a56e00905b165b12bb34116ee858/jackson-databind-2.8.11.3.jar

Dependency Hierarchy: - spring-boot-starter-web-1.5.18.RELEASE.jar (Root Library) - :x: **jackson-databind-2.8.11.3.jar** (Vulnerable Library)

jackson-databind-2.8.5.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/kafka-streams-0.11/kafka-streams-0.11.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.5/b3035f37e674c04dafe36a660c3815cc59f764e2/jackson-databind-2.8.5.jar

Dependency Hierarchy: - kafka-streams-0.11.0.0.jar (Root Library) - connect-json-0.11.0.0.jar - :x: **jackson-databind-2.8.5.jar** (Vulnerable Library)

jackson-databind-2.7.9.3.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/datastax-cassandra-3/datastax-cassandra-3.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.9.3/fc6d8373d2f5a012473c764c3556704be6da15e/jackson-databind-2.7.9.3.jar

Dependency Hierarchy: - cassandra-driver-core-3.11.0.jar (Root Library) - :x: **jackson-databind-2.7.9.3.jar** (Vulnerable Library)

jackson-databind-2.7.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/play-2.4/play-2.4.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.1/14d88822bca655de7aa6ed3e4c498d115505710a/jackson-databind-2.7.1.jar

Dependency Hierarchy: - play-java_2.11-2.5.0.jar (Root Library) - play_2.11-2.5.0.jar - :x: **jackson-databind-2.7.1.jar** (Vulnerable Library)

jackson-databind-2.7.5.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/spring-cloud-zuul-2/spring-cloud-zuul-2.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.5/ca7084021d9f213003eafe2583d1783d3d6a3685/jackson-databind-2.7.5.jar

Dependency Hierarchy: - zuul-core-1.3.1.jar (Root Library) - archaius-core-0.7.6.jar - :x: **jackson-databind-2.7.5.jar** (Vulnerable Library)

jackson-databind-2.9.0.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/vertx-rx-3.5/vertx-rx-3.5.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.0/14fb5f088cc0b0dc90a73ba745bcade4961a3ee3/jackson-databind-2.9.0.jar

Dependency Hierarchy: - vertx-rx-java2-3.5.0.jar (Root Library) - vertx-core-3.5.0.jar - :x: **jackson-databind-2.9.0.jar** (Vulnerable Library)

jackson-databind-2.8.7.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/twilio/twilio.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.7/6c3257ef458ac58a8da69a6dca3d2a15286d88c8/jackson-databind-2.8.7.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.7/6c3257ef458ac58a8da69a6dca3d2a15286d88c8/jackson-databind-2.8.7.jar

Dependency Hierarchy: - twilio-0.0.1.jar (Root Library) - :x: **jackson-databind-2.8.7.jar** (Vulnerable Library)

jackson-databind-2.5.3.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/aws-java-sdk-1.11.0/aws-java-sdk-1.11.0.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.5.3/c37875ff66127d93e5f672708cb2dcc14c8232ab/jackson-databind-2.5.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.5.3/c37875ff66127d93e5f672708cb2dcc14c8232ab/jackson-databind-2.5.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.5.3/c37875ff66127d93e5f672708cb2dcc14c8232ab/jackson-databind-2.5.3.jar

Dependency Hierarchy: - aws-java-sdk-sqs-1.11.0.jar (Root Library) - aws-java-sdk-core-1.11.0.jar - :x: **jackson-databind-2.5.3.jar** (Vulnerable Library)

jackson-databind-2.9.9.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/mule-4/mule-4.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.9/d6eb9817d9c7289a91f043ac5ee02a6b3cc86238/jackson-databind-2.9.9.jar

Dependency Hierarchy: - mule-module-launcher-4.2.2.jar (Root Library) - mule-module-deployment-4.2.2.jar - mule-module-extensions-xml-support-4.2.2.jar - mule-metadata-model-catalog-1.2.2.jar - mule-metadata-model-raml-1.2.2.jar - raml-parser-2-1.0.40.jar - yagi-1.0.40.jar - jackson-module-jsonSchema-2.9.9.jar - :x: **jackson-databind-2.9.9.jar** (Vulnerable Library)

jackson-databind-2.7.8.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-smoke-tests/play-2.5/play-2.5.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.8/9bc551426f1e19b4e2d87bb4bb2e19f8ecf8d578/jackson-databind-2.7.8.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.8/9bc551426f1e19b4e2d87bb4bb2e19f8ecf8d578/jackson-databind-2.7.8.jar

Dependency Hierarchy: - play_2.11-2.5.19.jar (Root Library) - :x: **jackson-databind-2.7.8.jar** (Vulnerable Library)

jackson-databind-2.5.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-smoke-tests/play-2.4/play-2.4.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.5.4/5dfa42af84584b4a862ea488da84bbbebbb06c35/jackson-databind-2.5.4.jar

Dependency Hierarchy: - play_2.11-2.4.11.jar (Root Library) - :x: **jackson-databind-2.5.4.jar** (Vulnerable Library)

jackson-databind-2.9.7.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/couchbase-2.6/couchbase-2.6.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.7/e6faad47abd3179666e89068485a1b88a195ceb7/jackson-databind-2.9.7.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.7/e6faad47abd3179666e89068485a1b88a195ceb7/jackson-databind-2.9.7.jar

Dependency Hierarchy: - spring-data-couchbase-3.1.0.RELEASE.jar (Root Library) - :x: **jackson-databind-2.9.7.jar** (Vulnerable Library)

jackson-databind-2.3.2.jar

General data-binding functionality for Jackson: works on core streaming API

Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard-views/dropwizard-views.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.3.2/c75edc740a6d8cb1cef6fa82fa594e0bce561916/jackson-databind-2.3.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.3.2/c75edc740a6d8cb1cef6fa82fa594e0bce561916/jackson-databind-2.3.2.jar

Dependency Hierarchy: - play-java-ws_2.11-2.3.10.jar (Root Library) - play_2.11-2.3.10.jar - :x: **jackson-databind-2.3.2.jar** (Vulnerable Library)

jackson-databind-2.8.11.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/benchmark-integration/play-perftest/play-perftest.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.11.1/341edc63fdd8b44e17b2c36abbc9b451d8fd05a5/jackson-databind-2.8.11.1.jar

Dependency Hierarchy: - play_2.12-2.6.20.jar (Root Library) - :x: **jackson-databind-2.8.11.1.jar** (Vulnerable Library)

jackson-databind-2.9.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-5.3/transport-5.3.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.1/716da1830a2043f18882fc036ec26eb32cbe5aff/jackson-databind-2.9.1.jar

Dependency Hierarchy: - spring-data-elasticsearch-3.0.0.RELEASE.jar (Root Library) - :x: **jackson-databind-2.9.1.jar** (Vulnerable Library)

jackson-databind-2.8.9.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/play-2.6/play-2.6.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.9/4dfca3975be3c1a98eacb829e70f02e9a71bc159/jackson-databind-2.8.9.jar

Dependency Hierarchy: - play_2.11-2.6.0.jar (Root Library) - :x: **jackson-databind-2.8.9.jar** (Vulnerable Library)

jackson-databind-2.7.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/vertx-web-3.4/vertx-web-3.4.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.4/1e9c6f3659644aeac84872c3b62d8e363bf4c96d/jackson-databind-2.7.4.jar

Dependency Hierarchy: - vertx-web-3.4.0.jar (Root Library) - vertx-core-3.4.0.jar - :x: **jackson-databind-2.7.4.jar** (Vulnerable Library)

jackson-databind-2.6.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/couchbase-2.0/couchbase-2.0.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.6.4/f2abadd10891512268b16a1a1a6f81890f3e2976/jackson-databind-2.6.4.jar

Dependency Hierarchy: - spring-data-couchbase-2.0.0.RELEASE.jar (Root Library) - :x: **jackson-databind-2.6.4.jar** (Vulnerable Library)

jackson-databind-2.6.6.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/aws-java-sqs-1.0/aws-java-sqs-1.0.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.6.6/5108dde6049374ba980b360e1ecff49847baba4a/jackson-databind-2.6.6.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.6.6/5108dde6049374ba980b360e1ecff49847baba4a/jackson-databind-2.6.6.jar

Dependency Hierarchy: - aws-java-sdk-kinesis-1.11.106.jar (Root Library) - jmespath-java-1.11.106.jar - :x: **jackson-databind-2.6.6.jar** (Vulnerable Library)

jackson-databind-2.7.9.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/appsec/weblog/weblog-spring-app/weblog-spring-app.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.9.1/85343e40e4f68d4a25226d53736646abaf0ae039/jackson-databind-2.7.9.1.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.9.1/85343e40e4f68d4a25226d53736646abaf0ae039/jackson-databind-2.7.9.1.jar

Dependency Hierarchy: - :x: **jackson-databind-2.7.9.1.jar** (Vulnerable Library)

jackson-databind-2.9.8.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-5.3/transport-5.3.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.8/11283f21cc480aa86c4df7a0a3243ec508372ed2/jackson-databind-2.9.8.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.8/11283f21cc480aa86c4df7a0a3243ec508372ed2/jackson-databind-2.9.8.jar

Dependency Hierarchy: - spring-boot-starter-webflux-2.0.9.RELEASE.jar (Root Library) - spring-boot-starter-json-2.0.9.RELEASE.jar - :x: **jackson-databind-2.9.8.jar** (Vulnerable Library)

jackson-databind-2.8.3.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-smoke-tests/log-injection/log-injection.gradle

Path to vulnerable library: /caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.3/cea3788c72271d45676ce32c0665991674b24cc5/jackson-databind-2.8.3.jar

Dependency Hierarchy: - :x: **jackson-databind-2.8.3.jar** (Vulnerable Library)

jackson-databind-2.8.11.2.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/spring-webmvc-3.1/spring-webmvc-3.1.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.11.2/2c5051e8e84d2c16316b758ebf746f9e90bef5a4/jackson-databind-2.8.11.2.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.11.2/2c5051e8e84d2c16316b758ebf746f9e90bef5a4/jackson-databind-2.8.11.2.jar

Dependency Hierarchy: - spring-boot-starter-web-1.5.17.RELEASE.jar (Root Library) - :x: **jackson-databind-2.8.11.2.jar** (Vulnerable Library)

jackson-databind-2.3.3.jar

General data-binding functionality for Jackson: works on core streaming API

Path to dependency file: /dd-java-agent/instrumentation/jax-rs-annotations-1/jax-rs-annotations-1.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.3.3/63b77400b5f1cf83a81823562c48d3120ef5518e/jackson-databind-2.3.3.jar

Dependency Hierarchy: - dropwizard-testing-0.7.1.jar (Root Library) - dropwizard-core-0.7.1.jar - dropwizard-jackson-0.7.1.jar - :x: **jackson-databind-2.3.3.jar** (Vulnerable Library)

jackson-databind-2.8.11.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/akka-http-10.0/akka-http-10.0.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.11/569a9f220273024523799dba9dd358121b0ee09/jackson-databind-2.8.11.jar

Dependency Hierarchy: - lagom-javadsl-testkit_2.11-1.4.0.jar (Root Library) - lagom-persistence-core_2.11-1.4.0.jar - play_2.11-2.6.11.jar - :x: **jackson-databind-2.8.11.jar** (Vulnerable Library)

jackson-databind-2.8.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/spring-rabbit/spring-rabbit.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.4/1c36c81e79cacdf48116afba8495e3393d267ba1/jackson-databind-2.8.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.4/1c36c81e79cacdf48116afba8495e3393d267ba1/jackson-databind-2.8.4.jar

Dependency Hierarchy: - spring-rabbit-2.0.0.RELEASE.jar (Root Library) - http-client-1.3.0.RELEASE.jar - :x: **jackson-databind-2.8.4.jar** (Vulnerable Library)

jackson-databind-2.9.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/spring-webflux-5/spring-webflux-5.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.4/498bbc3b94f566982c7f7c6d4d303fce365529be/jackson-databind-2.9.4.jar

Dependency Hierarchy: - spring-boot-starter-webflux-2.0.0.RELEASE.jar (Root Library) - spring-boot-starter-json-2.0.0.RELEASE.jar - :x: **jackson-databind-2.9.4.jar** (Vulnerable Library)

jackson-databind-2.6.5.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-2/transport-2.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.6.5/d50be1723a09befd903887099ff2014ea9020333/jackson-databind-2.6.5.jar

Dependency Hierarchy: - spring-data-elasticsearch-2.0.0.RELEASE.jar (Root Library) - :x: **jackson-databind-2.6.5.jar** (Vulnerable Library)

Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079

Found in base branch: master

Vulnerability Details

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.

Publish Date: 2019-06-19

URL: CVE-2019-12814

CVSS 3 Score Details (5.9)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-06-19

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.4

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.0.0.RELEASE

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.4

Direct dependency fix Resolution (org.apache.kafka:kafka-streams): 1.0.0

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.7.9.6

Direct dependency fix Resolution (com.datastax.cassandra:cassandra-driver-core): 3.11.2

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.7.9.6

Direct dependency fix Resolution (com.typesafe.play:play-java_2.11): 2.6.0

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.7.9.6

Direct dependency fix Resolution (com.netflix.zuul:zuul-core): 2.1.1

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.9.9.1

Direct dependency fix Resolution (io.vertx:vertx-rx-java2): 3.5.4

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.4

Direct dependency fix Resolution (com.twilio.sdk:twilio): 7.0.0

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3

Direct dependency fix Resolution (com.amazonaws:aws-java-sdk-sqs): 1.11.660

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.7.9.6

Direct dependency fix Resolution (com.typesafe.play:play_2.11): 2.6.0

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3

Direct dependency fix Resolution (com.typesafe.play:play_2.11): 2.5.0

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.9.9.1

Direct dependency fix Resolution (org.springframework.data:spring-data-couchbase): 3.1.11.RELEASE

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3

Direct dependency fix Resolution (com.typesafe.play:play-java-ws_2.11): 2.5.0

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.4

Direct dependency fix Resolution (com.typesafe.play:play_2.12): 2.6.25

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.9.9.1

Direct dependency fix Resolution (org.springframework.data:spring-data-elasticsearch): 3.1.11.RELEASE

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.4

Direct dependency fix Resolution (com.typesafe.play:play_2.11): 2.7.0

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.7.9.6

Direct dependency fix Resolution (io.vertx:vertx-web): 3.5.0

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3

Direct dependency fix Resolution (org.springframework.data:spring-data-couchbase): 2.2.0.RELEASE

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3

Direct dependency fix Resolution (com.amazonaws:aws-java-sdk-kinesis): 1.11.660

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.9.9.1

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-webflux): 2.1.0.RELEASE

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.4

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.0.0.RELEASE

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3

Direct dependency fix Resolution (io.dropwizard:dropwizard-testing): 1.3.0

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.4

Direct dependency fix Resolution (com.lightbend.lagom:lagom-javadsl-testkit_2.11): 1.5.0

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.4

Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.2.RELEASE

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.9.9.1

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-webflux): 2.1.10.RELEASE

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3

Direct dependency fix Resolution (org.springframework.data:spring-data-elasticsearch): 2.1.0.RELEASE


:rescue_worker_helmet: Automatic Remediation is available for this issue

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.