VDB
RHSA-2019%3A3002
RHSA-2019%3A3002
PUBLISHED
CVSS 5.599999904632568 MEDIUM
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks.
Risk Scores
CVSS 3.0
5.599999904632568
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Fuse Intergration Services 2.0 based on Fuse 6.3 R13 |
Timeline
- Oct 10, 2019 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2019:3002 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/articles/3060411 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1666415 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1666418 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1666482 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1666484 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1666489 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1671096 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1671097 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1677341 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_3002.json advisory
- https://access.redhat.com/security/cve/CVE-2018-11307 advisory
- https://www.cve.org/CVERecord?id=CVE-2018-11307 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-11307 advisory
- https://access.redhat.com/security/cve/CVE-2018-12022 advisory
- https://www.cve.org/CVERecord?id=CVE-2018-12022 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-12022 advisory
- https://access.redhat.com/security/cve/CVE-2018-12023 advisory
- https://www.cve.org/CVERecord?id=CVE-2018-12023 advisory
…and 16 more