Block two more gadget types (commons-dbcp, p6spy, CVE-2019-16942 / CVE-2019-16943)

Another 2 gadget (*) types reported regarding classes of commons-dbcp and p6spy packages. See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

  • Mitre id: CVE-2019-16942 (commons-dbcp)
  • Mitre id: CVE-2019-16943 (p6spy)
  • Reporter: b5mali4

Fixed in:

  • 2.9.10.1 (use jackson-bom version 2.9.10.20191020)
  • 2.6.7.3
  • 2.8.11.5
  • does not affect 2.10.0 and later
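
One way to triage dependency versions against the "Fixed in" list above, as an added example that is not part of the original issue or the jackson-databind project. The `group:artifact:version` input format, the function names and the status labels are assumptions; branches the issue does not list and non-numeric versions are reported as unknown rather than guessed.

```python
import re

# Fixed release per maintenance branch, taken from the "Fixed in" list above.
FIXED = {(2, 6): (2, 6, 7, 3), (2, 8): (2, 8, 11, 5), (2, 9): (2, 9, 10, 1)}
NOT_AFFECTED_FROM = (2, 10, 0, 0)  # "does not affect 2.10.0 and later"

def parse(version):
    """Parse a purely numeric dotted version into a 4-tuple, else None."""
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None  # qualifiers such as -SNAPSHOT or .pr1 are not guessed at
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(version):
    """Classify a jackson-databind version against the issue's fix list."""
    v = parse(version)
    if v is None:
        return "unknown"
    if v >= NOT_AFFECTED_FROM:
        return "not-affected"
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "unknown"  # branch not mentioned in the issue (e.g. 2.7.x)
    return "fixed" if v >= fixed else "missing-fix"

def audit(lines):
    """Return {coordinate: status} for jackson-databind entries only."""
    report = {}
    for line in lines:
        group, _, rest = line.strip().partition(":")
        artifact, _, version = rest.partition(":")
        if (group, artifact) == ("com.fasterxml.jackson.core", "jackson-databind"):
            report[line.strip()] = triage(version)
    return report

# Constructed sample input (hypothetical dependency list, not from the issue).
SAMPLE = [
    "com.fasterxml.jackson.core:jackson-databind:2.9.10",
    "com.fasterxml.jackson.core:jackson-databind:2.9.10.1",
    "com.fasterxml.jackson.core:jackson-databind:2.8.11.4",
    "com.fasterxml.jackson.core:jackson-databind:2.7.9.6",
    "com.fasterxml.jackson.core:jackson-core:2.9.10",
]

if __name__ == "__main__":
    for coord, status in audit(SAMPLE).items():
        print(f"{status:12} {coord}")
```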

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 14 (6 by maintainers)

Top GitHub Comments

4 reactions
cowtowncoder commented, Oct 15, 2019

@msymons yes, I plan to also publish matching jackson-bom.

2 reactions
mellowware commented, Nov 6, 2019

@larrywest 2.9.10.1 is out and I am using it?
