Path to vulnerable library: idea-collaborator-plugin/client/lib/jackson-databind-2.5.0.jar,idea-collaborator-plugin/collabplugin/collaborator/collaborator/lib/jackson-databind-2.5.0.jar,idea-collaborator-plugin/collaborator-0_7-BETA/collaborator/lib/jackson-databind-2.5.0.jar
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CVE-2018-19360 - High Severity Vulnerability
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to vulnerable library: idea-collaborator-plugin/client/lib/jackson-databind-2.5.0.jar,idea-collaborator-plugin/collabplugin/collaborator/collaborator/lib/jackson-databind-2.5.0.jar,idea-collaborator-plugin/collaborator-0_7-BETA/collaborator/lib/jackson-databind-2.5.0.jar
Dependency Hierarchy: - :x: **jackson-databind-2.5.0.jar** (Vulnerable Library)
Found in HEAD commit: 3e67fb2d437ffeadf07751b7979f4e35dbc282a2
Found in base branch: master
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19360
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
Release Date: 2019-01-02
Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.8,2.10.0.pr1