Block two more gadget types (commons-dbcp, p6spy, CVE-2019-16942 / CVE-2019-16943)
Another 2 gadget (*) types reported regarding classes of commons-dbcp and p6spy packages.
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.
Mitre id: CVE-2019-16942 (commons-dbcp)
Mitre id: CVE-2019-16943 (p6spy)
Reporter: b5mali4
Fixed in:
- 2.9.10.1 (use jackson-bom version 2.9.10.20191020)
- 2.6.7.3
- 2.8.11.5
- does not affect 2.10.0 and later
Issue Analytics
- State:
- Created 4 years ago
- Comments:14 (6 by maintainers)
Top GitHub Comments
@msymons yes, I plan to also publish matching jackson-bom.

@larrywest 2.9.10.1 is out and I am using it?