CVE-2019-16335

CWE-502Deserialization of Untrusted Data11 documents8 sources
Severity
9.8CRITICAL
EPSS
0.7%
top 29.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Fasterxml Jackson-databindOracle Global Lifecycle Management OpatchOracle Goldengate Stream Analytics+11 more
Timeline
PublishedSep 15
Latest updateMar 15

Description

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages14 packages

NVDfasterxml/jackson-databind2.0.02.6.7.3+2
Debianjackson-databind< 2.10.0-1+3
NVDoracle/global_lifecycle_management_opatch12.2.0.1.012.2.0.1.19+2

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 30, 31

Patches

Patch: github.comPatch: www.oracle.comPatch: github.com

🔴Vulnerability Details

5
OSV
jackson-databind vulnerabilities2021-03-15
GHSA
Polymorphic Typing issue in FasterXML jackson-databind2019-09-23
OSV
Polymorphic Typing issue in FasterXML jackson-databind2019-09-23
OSV
CVE-2019-16335: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 22019-09-15
CVEList
CVE-2019-16335: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 22019-09-15

📋Vendor Advisories

3
Ubuntu
Jackson Databind vulnerabilities2021-03-15
Red Hat
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource2019-09-15
Debian
CVE-2019-16335: jackson-databind - A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2...2019

💬Community

2
Bugzilla
CVE-2019-16335 jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource [fedora-all]2019-09-26
Bugzilla
CVE-2019-16335 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource2019-09-26
CVE-2019-16335 (CRITICAL CVSS 9.8) | A Polymorphic Typing issue was disc | cvebase.io