安全研究
安全漏洞
FasterXML Jackson-databind远程代码执行漏洞
发布日期:2018-02-26
更新日期:2019-10-17
受影响系统:
FasterXML jackson-databind 2.x < 2.9.8描述:
BUGTRAQ ID: 107985
CVE(CAN) ID: CVE-2018-19362
FasterXML Jackson是一款适用于Java的数据处理工具。jackson-databind是其中的一个具有数据绑定功能的组件。
FasterXML Jackson-databind 2.9.8之前的2.x版本中存在安全漏洞。远程攻击者可通过多态反序列化内的jboss-common-core类,利用该漏洞执行代码。
<*来源:unknown
*>
建议:
厂商补丁:
FasterXML
---------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8
参考:
BID:107985
URL:http://www.securityfocus.com/bid/107985
BUGTRAQ:20190527 [SECURITY] [DSA 4452-1] jackson-databind security update
URL:https://seclists.org/bugtraq/2019/May/68
CONFIRM:https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
CONFIRM:https://github.com/FasterXML/jackson-databind/issues/2186
CONFIRM:https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8
CONFIRM:https://issues.apache.org/jira/browse/TINKERPOP-2121
CONFIRM:https://security.netapp.com/advisory/ntap-20190530-0003/
DEBIAN:DSA-4452
URL:https://www.debian.org/security/2019/dsa-4452
MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
MLIST:[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update
URL:https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html
MLIST:[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities
URL:https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E
MLIST:[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities
URL:https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E
MLIST:[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1
URL:https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
REDHAT:RHBA-2019:0959
URL:https://access.redhat.com/errata/RHBA-2019:0959
REDHAT:RHSA-2019:0782
URL:https://access.redhat.com/errata/RHSA-2019:0782
REDHAT:RHSA-2019:0877
URL:https://access.redhat.com/errata/RHSA-2019:0877
REDHAT:RHSA-2019:1782
URL:https://access.redhat.com/errata/RHSA-2019:1782
REDHAT:RHSA-2019:1797
URL:https://access.redhat.com/errata/RHSA-2019:1797
REDHAT:RHSA-2019:1822
URL:https://access.redhat.com/errata/RHSA-2019:1822
REDHAT:RHSA-2019:1823
URL:https://access.redhat.com/errata/RHSA-2019:1823
REDHAT:RHSA-2019:2804
URL:https://access.redhat.com/errata/RHSA-2019:2804
REDHAT:RHSA-2019:2858
URL:https://access.redhat.com/errata/RHSA-2019:2858
REDHAT:RHSA-2019:3002
URL:https://access.redhat.com/errata/RHSA-2019:3002
浏览次数:1226
严重程度:0(网友投票)
绿盟科技给您安全的保障