|
Vulnerabilities
< Back

CVE-2019-10172

Updated on 18 Nov 2019

Severity

7.5 High severity

Details

CVSS score
7.5
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

Details

Affected product:
Apache Hadoop , Apache Hive , Apache Spark , Eclipse Jetty , Hibernate , Jackson , Spring , agepredictor , avro , curator , dropwizard-metrics-hadoop-metrics2-reporter , druid , elasticsearch , esri-geometry-api , google-http-java-client , google-oauth-java-client , hbase , incubator-retired-slider , infinispan , java-driver , jersey , logging-flume , logging-log4j2 , parquet-hadoop , parquet-java , slider-core , solr , tika
Affected packages:
spark-graphx_2.10 @ 2.0.0 (+2228 more)
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

Fixes