CVE-2019-14439
ADVISORY - githubSummary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2, 2.8.11.4, 2.7.9.6, and 2.6.7.3. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
EPSS Score: 0.10318 (0.929)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Deserialization of Untrusted Data
ADVISORY - github
Deserialization of Untrusted Data
ADVISORY - gitlab
NIST
CREATED
UPDATED
ADVISORY IDCVE-2019-14439
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highGitHub
CREATED
UPDATED
ADVISORY IDGHSA-gwp4-hfv6-p7hw
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highDebian
CREATED
UPDATED
ADVISORY IDCVE-2019-14439
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2019-14439
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
7.5mediumRed Hat
CVSS SCORE
7.5mediumintheWild
CREATED
UPDATED
ADVISORY IDCVE-2019-14439
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-