CVE-2019-17531 – jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
https://notcve.org/view.php?id=CVE-2019-17531
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. Se detectó un problema de escritura polimórfica en FasterXML jackson-databind versiones 2.0.0 hasta 2.9.10. Cuando Default Typing está habilitado (globalmente o para una propiedad específica) para un endpoint JSON expuesto externamente y el servicio presenta el jar apache-log4j-extra (versión 1.2.x) en el classpath, y un atacante puede proveer un servicio JNDI para acceder, es posible hacer que el servicio ejecute una carga útil maliciosa. • https://access.redhat.com/errata/RHSA-2019:4192 https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/FasterXML/jackson-databind/issues/2498 https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/ • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVE-2019-17359
https://notcve.org/view.php?id=CVE-2019-17359
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64. El analizador ASN.1 en Bouncy Castle Crypto (también se conoce como BC Java) versión 1.63, puede desencadenar un intento de asignación de memoria grande y un error OutOfMemoryError resultante, por medio de datos ASN.1 diseñados. Esto se corrige en la versión 1.64. • https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3E https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d%40%3Ccommits.tomee.apache.org%3E https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27%40%3Ccommits.tomee.apache.org%3E https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc%40%3Ccommits.tomee.apache.org%3E https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2019-17267 – jackson-databind: Serialization gadgets in classes of the ehcache package
https://notcve.org/view.php?id=CVE-2019-17267
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. Se detectó un problema de Escritura Polimórfica en FasterXML jackson-databind versiones anteriores a 2.9.10. Está relacionado con net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. • https://access.redhat.com/errata/RHSA-2019:3200 https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10 https://github.com/FasterXML/jackson-databind/issues/2460 https://lists.apache.or • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •
CVE-2019-16943 – jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
https://notcve.org/view.php?id=CVE-2019-16943
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. Se descubrió un problema de escritura polimórfica en FasterXML jackson-databind versiones 2.0.0 hasta 2.9.10. Cuando la Escritura Predeterminada está habilitada (globalmente o para una propiedad específica) para un end point JSON expuesto externamente y el servicio posee el jar p6spy (versión 3.8.6) en el classpath, y un atacante puede encontrar un end point del servicio RMI para acceder, es posible lograr que el servicio ejecute una carga maliciosa. • https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/FasterXML/jackson-databind/issues/2478 https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •
CVE-2019-16942 – jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*
https://notcve.org/view.php?id=CVE-2019-16942
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. Se descubrió un problema de escritura polimórfica en FasterXML jackson-databind versión 2.0.0 hasta 2.9.10. Cuando la Escritura Predeterminada está habilitada (tanto globalmente o para una propiedad específica) para un end point JSON expuesto externamente y el servicio posee el jar commons-dbcp (versión 1.4) en el classpath, y un atacante puede encontrar un end point de servicio RMI para acceder, es posible lograr que el servicio ejecute una carga maliciosa. • https://access.redhat.com/errata/RHSA-2019:3901 https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/FasterXML/jackson-databind/issues/2478 https://issues.apache.org/jira/browse/GEODE-7255 https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •