Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-14720

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/Fas...
CONFIRM: https://github.com/Fas...
CONFIRM: https://github.com/Fas...
CONFIRM: https://www.oracle.com...
BUGTRAQ: 20190527 [SECURITY] [D...
CONFIRM: https://security.netap...
DEBIAN: DSA-4452
MISC: https://www.oracle.com...
MLIST: [debian-lts-announce] ...
MLIST: [lucene-dev] 20190325 ...
MLIST: [lucene-dev] 20190325 ...
MLIST: [lucene-dev] 20190325 ...
MLIST: [pulsar-commits] 20190...
REDHAT: RHBA-2019:0959
REDHAT: RHSA-2019:0782
REDHAT: RHSA-2019:1106
REDHAT: RHSA-2019:1107
REDHAT: RHSA-2019:1108
REDHAT: RHSA-2019:1140
REDHAT: RHSA-2019:1822
REDHAT: RHSA-2019:1823
MISC: https://www.oracle.com...
REDHAT: RHSA-2019:2858
MISC: https://www.oracle.com...
MLIST: [drill-dev] 20191017 D...
REDHAT: RHSA-2019:3149
MLIST: [drill-dev] 20191021 [...
MLIST: [drill-issues] 2019102...
REDHAT: RHSA-2019:3892
REDHAT: RHSA-2019:4037
MISC: https://www.oracle.com...
MLIST: [geode-issues] 2020083...

Launchpad.net

CVE 2018-14720

Related bugs

References