|
Vulnerabilities
< Back

CVE-2019-10202

Updated on 01 Oct 2019

Severity

9.8 Critical severity

Details

CVSS score
9.8
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.

Details

Affected product:
Apache Hadoop , Apache Hive , Apache Spark , Eclipse Jetty , Hibernate , Jackson , Spring , agepredictor , avro , curator , dropwizard-metrics-hadoop-metrics2-reporter , druid , elasticsearch , esri-geometry-api , google-http-java-client , google-oauth-java-client , hbase , incubator-retired-slider , infinispan , java-driver , jersey , logging-flume , logging-log4j2 , parquet-hadoop , parquet-java , slider-core , solr , tika
Affected packages:
jetty-alpn-server @ 9.4.50.v20221201 (+2228 more)
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.

Fixes