CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
References
Link Resource
https://access.redhat.com/errata/RHSA-2019:3200 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0159 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0160 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0161 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0164 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0445 Third Party Advisory
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10 Patch Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/2460 Issue Tracking Third Party Advisory
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8%40%3Cdev.skywalking.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20191017-0006/ Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:06

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E', 'name': '[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E', 'name': '[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E', 'name': '[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E', 'name': '[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E', 'name': '[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E', 'name': '[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8@%3Cdev.skywalking.apache.org%3E', 'name': '[skywalking-dev] 20200324 [CVE-2019-17267] Upgrade jackson-databind version to 2.9.10', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E -
  • () https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E -
  • () https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E -
  • () https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E -
  • () https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8%40%3Cdev.skywalking.apache.org%3E -
  • () https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E -
  • () https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E -

22 Feb 2021, 21:39

Type Values Removed Values Added
CPE cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
References (MLIST) https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0160 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0160 - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0445 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0445 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2019:3200 - (REDHAT) https://access.redhat.com/errata/RHSA-2019:3200 - Third Party Advisory
References (MISC) https://github.com/FasterXML/jackson-databind/issues/2460 - Issue Tracking, Patch, Third Party Advisory (MISC) https://github.com/FasterXML/jackson-databind/issues/2460 - Issue Tracking, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0159 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0159 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0164 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0164 - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html - (MLIST) https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0161 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0161 - Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20191017-0006/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20191017-0006/ - Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8@%3Cdev.skywalking.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8@%3Cdev.skywalking.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E - Mailing List, Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Third Party Advisory
References (MISC) https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10 - Release Notes, Third Party Advisory (MISC) https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10 - Patch, Third Party Advisory

Information

Published : 2019-10-07 00:15

Updated : 2023-12-10 13:13


NVD link : CVE-2019-17267

Mitre link : CVE-2019-17267

CVE.ORG link : CVE-2019-17267


JSON object : View

Products Affected

oracle

  • goldengate_application_adapters
  • weblogic_server
  • retail_customer_management_and_segmentation_foundation
  • customer_management_and_segmentation_foundation

netapp

  • steelstore_cloud_integrated_storage
  • service_level_manager
  • oncommand_api_services
  • active_iq_unified_manager
  • oncommand_workflow_automation

debian

  • debian_linux

redhat

  • jboss_enterprise_application_platform
  • enterprise_linux

fasterxml

  • jackson-databind
CWE
CWE-502

Deserialization of Untrusted Data