CVE-2019-20330: FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

54 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	jackson-databind	< jackson-databind 2.10.1-1 (bookworm)	jackson-databind 2.10.1-1 (bookworm)
fasterxml	jackson-databind	>= 0 < 2.10.1-1	2.10.1-1
fasterxml	jackson-databind	>= 0 < 2.10.1-1	2.10.1-1
fasterxml	jackson-databind	>= 0 < 2.10.1-1	2.10.1-1
fasterxml	jackson-databind	>= 0 < 2.10.1-1	2.10.1-1
fasterxml	jackson-databind	>= 0 < 2.4.2-3ubuntu0.1~esm2	2.4.2-3ubuntu0.1~esm2
fasterxml	jackson-databind	>= 2.0.0 < 2.7.9.7	2.7.9.7
fasterxml	jackson-databind	>= 2.8.0 < 2.8.11.5	2.8.11.5
fasterxml	jackson-databind	>= 2.9.0 < 2.9.10.2	2.9.10.2
netapp	active_iq_unified_manager	>= 7.3	—
netapp	active_iq_unified_manager	>= 9.5	—
oracle	banking_platform	2.4.0 – 2.9.0	—
oracle	communications_billing_and_revenue_management	—	—
oracle	communications_billing_and_revenue_management	—	—
oracle	communications_cloud_native_core_network_slice_selection_function	—	—
oracle	communications_contacts_server	—	—
oracle	communications_evolved_communications_application_server	—	—
oracle	communications_instant_messaging_server	—	—
oracle	communications_network_charging_and_control	—	—
oracle	communications_network_charging_and_control	12.0.0 – 12.0.3	—
oracle	customer_management_and_segmentation_foundation	—	—
oracle	enterprise_manager_base_platform	—	—
oracle	enterprise_manager_base_platform	—	—
oracle	global_lifecycle_management_opatch	< 11.2.0.3.23	11.2.0.3.23

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL