Block one more gadget type (HikariCP, CVE-2019-14540)
Another gadget (*) type report regarding HikariConfig, via HikariDataSource
Mitre id: CVE-2019-14540
Reporter: iSafeBlue / blue at ixsec.org
(*) See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for more on general problem type
Fixed in:
- 2.9.10
- 2.8.11.5
- 2.6.7.3
- does not affect 2.10.0 and later
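
The fix list above maps onto a per-branch dependency check; note that on the 2.9 line every 2.9.9.x release predates the fix. The Python script below is an added example, not code from the issue or from jackson-databind: the function names and status labels are assumptions of the example, and branches the issue does not list (such as 2.7.x) are reported as having no listed fix.

```python
# Added example: fix versions are copied from the issue above; the status
# labels and function names are this example's own (assumptions).
FIXED_IN = {          # release branch -> first release carrying the block
    (2, 6): (2, 6, 7, 3),
    (2, 8): (2, 8, 11, 5),
    (2, 9): (2, 9, 10),
}
NOT_AFFECTED_FROM = (2, 10, 0)


def parse_version(text):
    """Turn '2.8.11.5' into (2, 8, 11, 5); reject qualifiers such as '-SNAPSHOT'."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in parts)


def pad(version, width=4):
    """Pad with zeros so 2.9.10 and 2.9.10.0 compare equal."""
    return version + (0,) * (width - len(version))


def hikari_block_status(text):
    """Classify a jackson-databind version against the fix list for CVE-2019-14540."""
    version = pad(parse_version(text))
    if version >= pad(NOT_AFFECTED_FROM):
        return "not-affected"
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return "no-fix-listed"      # e.g. 2.7.x: the issue names no patched release
    return "fixed" if version >= pad(fixed) else "unpatched"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the issue.
    for v in ["2.9.9.3", "2.9.10", "2.8.11.4", "2.6.7.3", "2.7.9.6", "2.10.0"]:
        print(f"jackson-databind {v}: {hikari_block_status(v)}")
```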
Issue Analytics
- State:
- Created 4 years ago
- Comments:8 (4 by maintainers)
Top GitHub Comments
No 2.9.9.4 micro patch for this?
Nope.