[Bug 1713468] New: CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
2:23 p.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Bug ID: 1713468
Summary: CVE-2019-12086 jackson-databind: polymorphic typing
issue allows attacker to read arbitrary local files on
the server.
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190514,reported=20190518,sour
ce=cve,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/
I:N/A:N,cwe=CWE-502->CWE-200,fuse-6/jackson-databind=n
ew,fuse-7/jackson-databind=new,eap-7/jackson-databind=
new,rhdm-7/jackson-databind=new,rhpam-7/jackson-databi
nd=new,rhscl-3/rh-maven35-jackson-databind=new,openshi
ft-enterprise-3/jackson-databind=new,rhn_satellite_6/j
ackson-databind=new,vertx-3/jackson-databind=new,rhsso
-7/jackson-databind=new,rhmap-4/jackson-databind=new,b
pms-6/jackson-databind=new,swarm-7/jackson-databind=ne
w,amq-6/jackson-databind=new,amq-st/jackson-databind=n
ew,fedora-all/jackson-databind=affected,rhel-8/pki-dep
s:10.6/jackson-databind=new,openstack-10/opendaylight=
new,openstack-13/opendaylight=new,openstack-14/openday
light=new,openstack-8/opendaylight=new,openstack-9/ope
ndaylight=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: msiddiqu(a)redhat.com
CC: ahardin(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
ataylor(a)redhat.com, avibelli(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bgeorges(a)redhat.com, bkearney(a)redhat.com,
bleanhar(a)redhat.com, bmaxwell(a)redhat.com,
btotty(a)redhat.com, cbyrne(a)redhat.com,
ccoleman(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, cmacedo(a)redhat.com,
csutherl(a)redhat.com, darran.lofthouse(a)redhat.com,
dbecker(a)redhat.com, dedgar(a)redhat.com,
dffrench(a)redhat.com, dosoudil(a)redhat.com,
drieden(a)redhat.com, drusso(a)redhat.com,
eparis(a)redhat.com, etirelli(a)redhat.com,
hhorak(a)redhat.com, hhudgeon(a)redhat.com,
ibek(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jgoulding(a)redhat.com, jjoyce(a)redhat.com,
jkurik(a)redhat.com, jmadigan(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jorton(a)redhat.com, jpallich(a)redhat.com,
jschluet(a)redhat.com, jshepherd(a)redhat.com,
kbasil(a)redhat.com, krathod(a)redhat.com,
kverlaen(a)redhat.com, lef(a)fedoraproject.org,
lgao(a)redhat.com, lhh(a)redhat.com, lpeer(a)redhat.com,
lpetrovi(a)redhat.com, lthon(a)redhat.com,
lzap(a)redhat.com, mat.booth(a)redhat.com,
mburns(a)redhat.com, mchappel(a)redhat.com,
mhulan(a)redhat.com, mkolesni(a)redhat.com,
mmccune(a)redhat.com, mnovotny(a)redhat.com,
mszynkie(a)redhat.com, ngough(a)redhat.com,
paradhya(a)redhat.com, pdrozd(a)redhat.com,
pgallagh(a)redhat.com, pgier(a)redhat.com,
ppenicka(a)redhat.com, psakar(a)redhat.com,
pslavice(a)redhat.com, psotirop(a)redhat.com,
puntogil(a)libero.it, pwright(a)redhat.com,
rchan(a)redhat.com, rhcs-maint(a)redhat.com,
rjerrido(a)redhat.com, rnetuka(a)redhat.com,
rrajasek(a)redhat.com, rruss(a)redhat.com,
rsvoboda(a)redhat.com, rsynek(a)redhat.com,
sclewis(a)redhat.com, scohen(a)redhat.com,
sdaley(a)redhat.com, slinaber(a)redhat.com,
sthorger(a)redhat.com, tbrisker(a)redhat.com,
tom.jenkinson(a)redhat.com, trepel(a)redhat.com,
trogers(a)redhat.com, twalsh(a)redhat.com,
vtunka(a)redhat.com
Target Milestone: ---
Classification: Other
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x
before 2.9.9. When Default Typing is enabled (either globally or for a specific
property) for an externally exposed JSON endpoint, the service has the
mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker
can host a crafted MySQL server reachable by the victim, an attacker can send a
crafted JSON message that allows them to read arbitrary local files on the
server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin
validation.
Upstream patch:
https://github.com/FasterXML/jackson-databind/commit/dda513bd7251b4f32b7b...
Upstream issue:
https://github.com/FasterXML/jackson-databind/issues/2326
References:
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9
https://issues.jboss.org/browse/RESTEASY-2248
http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-...
--
You are receiving this mail because:
You are on the CC list for the bug.
2:24 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
msiddiqu(a)redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1713469
--- Comment #1 from msiddiqu(a)redhat.com ---
Created jackson-databind tracking bugs for this issue:
Affects: fedora-all [bug 1713469]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1713469
[Bug 1713469] CVE-2019-12086 jackson-databind: polymorphic typing issue allows
attacker to read arbitrary local files on the server. [fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
2:51 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
msiddiqu(a)redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1713470
--
You are receiving this mail because:
You are on the CC list for the bug.
9:09 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|new,rhdm-7/jackson-databind |new,rhdm-7/jackson-databind
|=new,rhpam-7/jackson-databi |=new,rhpam-7/jackson-databi
|nd=new,rhscl-3/rh-maven35-j |nd=new,rhscl-3/rh-maven35-j
|ackson-databind=new,openshi |ackson-databind=new,openshi
|ft-enterprise-3/jackson-dat |ft-enterprise-3.11/ose-logg
|abind=new,rhn_satellite_6/j |ing-elasticsearch5=new,rhn_
|ackson-databind=new,vertx-3 |satellite_6/jackson-databin
|/jackson-databind=new,rhsso |d=new,vertx-3/jackson-datab
|-7/jackson-databind=new,rhm |ind=new,rhsso-7/jackson-dat
|ap-4/jackson-databind=new,b |abind=new,rhmap-4/jackson-d
|pms-6/jackson-databind=new, |atabind=new,bpms-6/jackson-
|swarm-7/jackson-databind=ne |databind=new,swarm-7/jackso
|w,amq-6/jackson-databind=ne |n-databind=new,amq-6/jackso
|w,amq-st/jackson-databind=n |n-databind=new,amq-st/jacks
|ew,fedora-all/jackson-datab |on-databind=new,fedora-all/
|ind=affected,rhel-8/pki-dep |jackson-databind=affected,r
|s:10.6/jackson-databind=new |hel-8/pki-deps:10.6/jackson
|,openstack-10/opendaylight= |-databind=new,openstack-10/
|new,openstack-13/opendaylig |opendaylight=new,openstack-
|ht=new,openstack-14/openday |13/opendaylight=new,opensta
|light=new,openstack-8/opend |ck-14/opendaylight=new,open
|aylight=new,openstack-9/ope |stack-8/opendaylight=new,op
|ndaylight=new |enstack-9/opendaylight=new
--
You are receiving this mail because:
You are on the CC list for the bug.
4:09 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Joshua Padman <jpadman(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|new,rhdm-7/jackson-databind |new,rhdm-7/jackson-databind
|=new,rhpam-7/jackson-databi |=new,rhpam-7/jackson-databi
|nd=new,rhscl-3/rh-maven35-j |nd=new,rhscl-3/rh-maven35-j
|ackson-databind=new,openshi |ackson-databind=new,openshi
|ft-enterprise-3.11/ose-logg |ft-enterprise-3.11/ose-logg
|ing-elasticsearch5=new,rhn_ |ing-elasticsearch5=new,rhn_
|satellite_6/jackson-databin |satellite_6/jackson-databin
|d=new,vertx-3/jackson-datab |d=new,vertx-3/jackson-datab
|ind=new,rhsso-7/jackson-dat |ind=new,rhsso-7/jackson-dat
|abind=new,rhmap-4/jackson-d |abind=new,rhmap-4/jackson-d
|atabind=new,bpms-6/jackson- |atabind=new,bpms-6/jackson-
|databind=new,swarm-7/jackso |databind=new,swarm-7/jackso
|n-databind=new,amq-6/jackso |n-databind=new,amq-6/jackso
|n-databind=new,amq-st/jacks |n-databind=new,amq-st/jacks
|on-databind=new,fedora-all/ |on-databind=new,fedora-all/
|jackson-databind=affected,r |jackson-databind=affected,r
|hel-8/pki-deps:10.6/jackson |hel-8/pki-deps:10.6/jackson
|-databind=new,openstack-10/ |-databind=new,openstack-10/
|opendaylight=new,openstack- |opendaylight=new,openstack-
|13/opendaylight=new,opensta |13/opendaylight=new,opensta
|ck-14/opendaylight=new,open |ck-14/opendaylight=new,open
|stack-8/opendaylight=new,op |stack-9/opendaylight=new
|enstack-9/opendaylight=new |
--- Comment #3 from Joshua Padman <jpadman(a)redhat.com> ---
OpenDaylight in Red Hat OpenStack 9 & 10 was released as a technical preview
and will not be receiving security updates.
--
You are receiving this mail because:
You are on the CC list for the bug.
10:31 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Joshua Padman <jpadman(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|new,rhdm-7/jackson-databind |new,rhdm-7/jackson-databind
|=new,rhpam-7/jackson-databi |=new,rhpam-7/jackson-databi
|nd=new,rhscl-3/rh-maven35-j |nd=new,rhscl-3/rh-maven35-j
|ackson-databind=new,openshi |ackson-databind=new,openshi
|ft-enterprise-3.11/ose-logg |ft-enterprise-3.11/ose-logg
|ing-elasticsearch5=new,rhn_ |ing-elasticsearch5=new,rhn_
|satellite_6/jackson-databin |satellite_6/jackson-databin
|d=new,vertx-3/jackson-datab |d=new,vertx-3/jackson-datab
|ind=new,rhsso-7/jackson-dat |ind=new,rhsso-7/jackson-dat
|abind=new,rhmap-4/jackson-d |abind=new,rhmap-4/jackson-d
|atabind=new,bpms-6/jackson- |atabind=new,bpms-6/jackson-
|databind=new,swarm-7/jackso |databind=new,swarm-7/jackso
|n-databind=new,amq-6/jackso |n-databind=new,amq-6/jackso
|n-databind=new,amq-st/jacks |n-databind=new,amq-st/jacks
|on-databind=new,fedora-all/ |on-databind=new,fedora-all/
|jackson-databind=affected,r |jackson-databind=affected,r
|hel-8/pki-deps:10.6/jackson |hel-8/pki-deps:10.6/jackson
|-databind=new,openstack-10/ |-databind=new,openstack-10/
|opendaylight=new,openstack- |opendaylight=new,openstack-
|13/opendaylight=new,opensta |13/opendaylight=wontfix,ope
|ck-14/opendaylight=new,open |nstack-14/opendaylight=wont
|stack-9/opendaylight=new |fix,openstack-9/opendayligh
| |t=new
--
You are receiving this mail because:
You are on the CC list for the bug.
10:38 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #4 from Joshua Padman <jpadman(a)redhat.com> ---
All versions of Red Hat OpenStack's OpenDaylight ships with the vulnerable
package. However, OpenDaylight will not receive a fix for this issue at this
time.
--
You are receiving this mail because:
You are on the CC list for the bug.
2:53 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Kunjan Rathod <krathod(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|new,rhdm-7/jackson-databind |affected,rhdm-7/jackson-dat
|=new,rhpam-7/jackson-databi |abind=new,rhpam-7/jackson-d
|nd=new,rhscl-3/rh-maven35-j |atabind=new,rhscl-3/rh-mave
|ackson-databind=new,openshi |n35-jackson-databind=new,op
|ft-enterprise-3.11/ose-logg |enshift-enterprise-3.11/ose
|ing-elasticsearch5=new,rhn_ |-logging-elasticsearch5=new
|satellite_6/jackson-databin |,rhn_satellite_6/jackson-da
|d=new,vertx-3/jackson-datab |tabind=new,vertx-3/jackson-
|ind=new,rhsso-7/jackson-dat |databind=new,rhsso-7/jackso
|abind=new,rhmap-4/jackson-d |n-databind=new,rhmap-4/jack
|atabind=new,bpms-6/jackson- |son-databind=new,bpms-6/jac
|databind=new,swarm-7/jackso |kson-databind=new,swarm-7/j
|n-databind=new,amq-6/jackso |ackson-databind=new,amq-6/j
|n-databind=new,amq-st/jacks |ackson-databind=new,amq-st/
|on-databind=new,fedora-all/ |jackson-databind=new,fedora
|jackson-databind=affected,r |-all/jackson-databind=affec
|hel-8/pki-deps:10.6/jackson |ted,rhel-8/pki-deps:10.6/ja
|-databind=new,openstack-10/ |ckson-databind=new,openstac
|opendaylight=new,openstack- |k-10/opendaylight=new,opens
|13/opendaylight=wontfix,ope |tack-13/opendaylight=wontfi
|nstack-14/opendaylight=wont |x,openstack-14/opendaylight
|fix,openstack-9/opendayligh |=wontfix,openstack-9/openda
|t=new |ylight=new
--
You are receiving this mail because:
You are on the CC list for the bug.
1:32 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=new,op |n35-jackson-databind=affect
|enshift-enterprise-3.11/ose |ed,openshift-enterprise-3.1
|-logging-elasticsearch5=new |1/ose-logging-elasticsearch
|,rhn_satellite_6/jackson-da |5=new,rhn_satellite_6/jacks
|tabind=new,vertx-3/jackson- |on-databind=affected,vertx-
|databind=new,rhsso-7/jackso |3/jackson-databind=new,rhss
|n-databind=new,rhmap-4/jack |o-7/jackson-databind=new,rh
|son-databind=new,bpms-6/jac |map-4/jackson-databind=new,
|kson-databind=new,swarm-7/j |bpms-6/jackson-databind=new
|ackson-databind=new,amq-6/j |,swarm-7/jackson-databind=n
|ackson-databind=new,amq-st/ |ew,amq-6/jackson-databind=n
|jackson-databind=new,fedora |ew,amq-st/jackson-databind=
|-all/jackson-databind=affec |new,fedora-all/jackson-data
|ted,rhel-8/pki-deps:10.6/ja |bind=affected,rhel-8/pki-de
|ckson-databind=new,openstac |ps:10.6/jackson-databind=af
|k-10/opendaylight=new,opens |fected,openstack-10/openday
|tack-13/opendaylight=wontfi |light=new,openstack-13/open
|x,openstack-14/opendaylight |daylight=wontfix,openstack-
|=wontfix,openstack-9/openda |14/opendaylight=wontfix,ope
|ylight=new |nstack-9/opendaylight=new
--
You are receiving this mail because:
You are on the CC list for the bug.
1:33 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1724442, 1724441, 1724443
--
You are receiving this mail because:
You are on the CC list for the bug.
9:21 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=affect |n35-jackson-databind=affect
|ed,openshift-enterprise-3.1 |ed,openshift-enterprise-3.1
|1/ose-logging-elasticsearch |1/ose-logging-elasticsearch
|5=new,rhn_satellite_6/jacks |5=new,openshift-enterprise-
|on-databind=affected,vertx- |3.10/elasticsearch-cloud-ku
|3/jackson-databind=new,rhss |bernetes=new,openshift-ente
|o-7/jackson-databind=new,rh |rprise-3.9/elasticsearch-cl
|map-4/jackson-databind=new, |oud-kubernetes=new,openshif
|bpms-6/jackson-databind=new |t-enterprise-3.7/elasticsea
|,swarm-7/jackson-databind=n |rch-cloud-kubernetes=new,op
|ew,amq-6/jackson-databind=n |enshift-enterprise-3.6/elas
|ew,amq-st/jackson-databind= |ticsearch-cloud-kubernetes=
|new,fedora-all/jackson-data |new,openshift-enterprise-3.
|bind=affected,rhel-8/pki-de |10/openshift-elasticsearch-
|ps:10.6/jackson-databind=af |plugin=new,openshift-enterp
|fected,openstack-10/openday |rise-3.9/openshift-elastics
|light=new,openstack-13/open |earch-plugin=new,openshift-
|daylight=wontfix,openstack- |enterprise-3.7/openshift-el
|14/opendaylight=wontfix,ope |asticsearch-plugin=new,open
|nstack-9/opendaylight=new |shift-enterprise-3.6/opensh
| |ift-elasticsearch-plugin=ne
| |w,rhn_satellite_6/jackson-d
| |atabind=affected,vertx-3/ja
| |ckson-databind=new,rhsso-7/
| |jackson-databind=new,rhmap-
| |4/jackson-databind=new,bpms
| |-6/jackson-databind=new,swa
| |rm-7/jackson-databind=new,a
| |mq-6/jackson-databind=new,a
| |mq-st/jackson-databind=new,
| |fedora-all/jackson-databind
| |=affected,rhel-8/pki-deps:1
| |0.6/jackson-databind=affect
| |ed,openstack-10/opendayligh
| |t=new,openstack-13/opendayl
| |ight=wontfix,openstack-14/o
| |pendaylight=wontfix,opensta
| |ck-9/opendaylight=new
--
You are receiving this mail because:
You are on the CC list for the bug.
11:27 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=affect |n35-jackson-databind=affect
|ed,openshift-enterprise-3.1 |ed,openshift-enterprise-3.1
|1/ose-logging-elasticsearch |1/logging-elasticsearch5-co
|5=new,openshift-enterprise- |ntainer=new,openshift-enter
|3.10/elasticsearch-cloud-ku |prise-3.10/elasticsearch-cl
|bernetes=new,openshift-ente |oud-kubernetes=new,openshif
|rprise-3.9/elasticsearch-cl |t-enterprise-3.9/elasticsea
|oud-kubernetes=new,openshif |rch-cloud-kubernetes=new,op
|t-enterprise-3.7/elasticsea |enshift-enterprise-3.7/elas
|rch-cloud-kubernetes=new,op |ticsearch-cloud-kubernetes=
|enshift-enterprise-3.6/elas |new,openshift-enterprise-3.
|ticsearch-cloud-kubernetes= |6/elasticsearch-cloud-kuber
|new,openshift-enterprise-3. |netes=new,openshift-enterpr
|10/openshift-elasticsearch- |ise-3.10/openshift-elastics
|plugin=new,openshift-enterp |earch-plugin=new,openshift-
|rise-3.9/openshift-elastics |enterprise-3.9/openshift-el
|earch-plugin=new,openshift- |asticsearch-plugin=new,open
|enterprise-3.7/openshift-el |shift-enterprise-3.7/opensh
|asticsearch-plugin=new,open |ift-elasticsearch-plugin=ne
|shift-enterprise-3.6/opensh |w,openshift-enterprise-3.6/
|ift-elasticsearch-plugin=ne |openshift-elasticsearch-plu
|w,rhn_satellite_6/jackson-d |gin=new,rhn_satellite_6/jac
|atabind=affected,vertx-3/ja |kson-databind=affected,vert
|ckson-databind=new,rhsso-7/ |x-3/jackson-databind=new,rh
|jackson-databind=new,rhmap- |sso-7/jackson-databind=new,
|4/jackson-databind=new,bpms |rhmap-4/jackson-databind=ne
|-6/jackson-databind=new,swa |w,bpms-6/jackson-databind=n
|rm-7/jackson-databind=new,a |ew,swarm-7/jackson-databind
|mq-6/jackson-databind=new,a |=new,amq-6/jackson-databind
|mq-st/jackson-databind=new, |=new,amq-st/jackson-databin
|fedora-all/jackson-databind |d=new,fedora-all/jackson-da
|=affected,rhel-8/pki-deps:1 |tabind=affected,rhel-8/pki-
|0.6/jackson-databind=affect |deps:10.6/jackson-databind=
|ed,openstack-10/opendayligh |affected,openstack-10/opend
|t=new,openstack-13/opendayl |aylight=new,openstack-13/op
|ight=wontfix,openstack-14/o |endaylight=wontfix,openstac
|pendaylight=wontfix,opensta |k-14/opendaylight=wontfix,o
|ck-9/opendaylight=new |penstack-9/opendaylight=new
| |,openshift-enterprise-4.1/l
| |ogging-elasticsearch5-conta
| |iner=new
--
You are receiving this mail because:
You are on the CC list for the bug.
9:57 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=affect |n35-jackson-databind=affect
|ed,openshift-enterprise-3.1 |ed,openshift-enterprise-3.1
|1/logging-elasticsearch5-co |1/logging-elasticsearch5-co
|ntainer=new,openshift-enter |ntainer=new,openshift-enter
|prise-3.10/elasticsearch-cl |prise-3.10/elasticsearch-cl
|oud-kubernetes=new,openshif |oud-kubernetes=new,openshif
|t-enterprise-3.9/elasticsea |t-enterprise-3.9/elasticsea
|rch-cloud-kubernetes=new,op |rch-cloud-kubernetes=new,op
|enshift-enterprise-3.7/elas |enshift-enterprise-3.7/elas
|ticsearch-cloud-kubernetes= |ticsearch-cloud-kubernetes=
|new,openshift-enterprise-3. |new,openshift-enterprise-3.
|6/elasticsearch-cloud-kuber |6/elasticsearch-cloud-kuber
|netes=new,openshift-enterpr |netes=new,openshift-enterpr
|ise-3.10/openshift-elastics |ise-3.10/openshift-elastics
|earch-plugin=new,openshift- |earch-plugin=new,openshift-
|enterprise-3.9/openshift-el |enterprise-3.9/openshift-el
|asticsearch-plugin=new,open |asticsearch-plugin=new,open
|shift-enterprise-3.7/opensh |shift-enterprise-3.7/opensh
|ift-elasticsearch-plugin=ne |ift-elasticsearch-plugin=ne
|w,openshift-enterprise-3.6/ |w,openshift-enterprise-3.6/
|openshift-elasticsearch-plu |openshift-elasticsearch-plu
|gin=new,rhn_satellite_6/jac |gin=new,rhn_satellite_6/jac
|kson-databind=affected,vert |kson-databind=affected,vert
|x-3/jackson-databind=new,rh |x-3/jackson-databind=new,rh
|sso-7/jackson-databind=new, |sso-7/jackson-databind=new,
|rhmap-4/jackson-databind=ne |rhmap-4/jackson-databind=ne
|w,bpms-6/jackson-databind=n |w,bpms-6/jackson-databind=n
|ew,swarm-7/jackson-databind |ew,swarm-7/jackson-databind
|=new,amq-6/jackson-databind |=new,amq-6/jackson-databind
|=new,amq-st/jackson-databin |=new,amq-st/jackson-databin
|d=new,fedora-all/jackson-da |d=new,fedora-all/jackson-da
|tabind=affected,rhel-8/pki- |tabind=affected,rhel-8/pki-
|deps:10.6/jackson-databind= |deps:10.6/jackson-databind=
|affected,openstack-10/opend |affected,openstack-10/opend
|aylight=new,openstack-13/op |aylight=new,openstack-13/op
|endaylight=wontfix,openstac |endaylight=wontfix,openstac
|k-14/opendaylight=wontfix,o |k-14/opendaylight=wontfix,o
|penstack-9/opendaylight=new |penstack-9/opendaylight=new
|,openshift-enterprise-4.1/l |,openshift-enterprise-4.1/l
|ogging-elasticsearch5-conta |ogging-elasticsearch5-conta
|iner=new |iner=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
9:58 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1730588
--
You are receiving this mail because:
You are on the CC list for the bug.
10:25 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=affect |n35-jackson-databind=affect
|ed,openshift-enterprise-3.1 |ed,openshift-enterprise-3.1
|1/logging-elasticsearch5-co |1/logging-elasticsearch5-co
|ntainer=new,openshift-enter |ntainer=affected,openshift-
|prise-3.10/elasticsearch-cl |enterprise-3.10/elasticsear
|oud-kubernetes=new,openshif |ch-cloud-kubernetes=new,ope
|t-enterprise-3.9/elasticsea |nshift-enterprise-3.9/elast
|rch-cloud-kubernetes=new,op |icsearch-cloud-kubernetes=n
|enshift-enterprise-3.7/elas |ew,openshift-enterprise-3.7
|ticsearch-cloud-kubernetes= |/elasticsearch-cloud-kubern
|new,openshift-enterprise-3. |etes=new,openshift-enterpri
|6/elasticsearch-cloud-kuber |se-3.6/elasticsearch-cloud-
|netes=new,openshift-enterpr |kubernetes=new,openshift-en
|ise-3.10/openshift-elastics |terprise-3.10/openshift-ela
|earch-plugin=new,openshift- |sticsearch-plugin=new,opens
|enterprise-3.9/openshift-el |hift-enterprise-3.9/openshi
|asticsearch-plugin=new,open |ft-elasticsearch-plugin=new
|shift-enterprise-3.7/opensh |,openshift-enterprise-3.7/o
|ift-elasticsearch-plugin=ne |penshift-elasticsearch-plug
|w,openshift-enterprise-3.6/ |in=new,openshift-enterprise
|openshift-elasticsearch-plu |-3.6/openshift-elasticsearc
|gin=new,rhn_satellite_6/jac |h-plugin=new,rhn_satellite_
|kson-databind=affected,vert |6/jackson-databind=affected
|x-3/jackson-databind=new,rh |,vertx-3/jackson-databind=n
|sso-7/jackson-databind=new, |ew,rhsso-7/jackson-databind
|rhmap-4/jackson-databind=ne |=new,rhmap-4/jackson-databi
|w,bpms-6/jackson-databind=n |nd=new,bpms-6/jackson-datab
|ew,swarm-7/jackson-databind |ind=new,swarm-7/jackson-dat
|=new,amq-6/jackson-databind |abind=new,amq-6/jackson-dat
|=new,amq-st/jackson-databin |abind=new,amq-st/jackson-da
|d=new,fedora-all/jackson-da |tabind=new,fedora-all/jacks
|tabind=affected,rhel-8/pki- |on-databind=affected,rhel-8
|deps:10.6/jackson-databind= |/pki-deps:10.6/jackson-data
|affected,openstack-10/opend |bind=affected,openstack-10/
|aylight=new,openstack-13/op |opendaylight=new,openstack-
|endaylight=wontfix,openstac |13/opendaylight=wontfix,ope
|k-14/opendaylight=wontfix,o |nstack-14/opendaylight=wont
|penstack-9/opendaylight=new |fix,openstack-9/opendayligh
|,openshift-enterprise-4.1/l |t=new,openshift-enterprise-
|ogging-elasticsearch5-conta |4.1/logging-elasticsearch5-
|iner=affected |container=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
10:28 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1731780
--
You are receiving this mail because:
You are on the CC list for the bug.
midnight
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=affect |n35-jackson-databind=affect
|ed,openshift-enterprise-3.1 |ed,openshift-enterprise-3.1
|1/logging-elasticsearch5-co |1/logging-elasticsearch5-co
|ntainer=affected,openshift- |ntainer=affected,openshift-
|enterprise-3.10/elasticsear |enterprise-3.10/elasticsear
|ch-cloud-kubernetes=new,ope |ch-cloud-kubernetes=new,ope
|nshift-enterprise-3.9/elast |nshift-enterprise-3.9/elast
|icsearch-cloud-kubernetes=n |icsearch-cloud-kubernetes=n
|ew,openshift-enterprise-3.7 |ew,openshift-enterprise-3.7
|/elasticsearch-cloud-kubern |/elasticsearch-cloud-kubern
|etes=new,openshift-enterpri |etes=new,openshift-enterpri
|se-3.6/elasticsearch-cloud- |se-3.6/elasticsearch-cloud-
|kubernetes=new,openshift-en |kubernetes=new,openshift-en
|terprise-3.10/openshift-ela |terprise-3.10/openshift-ela
|sticsearch-plugin=new,opens |sticsearch-plugin=affected,
|hift-enterprise-3.9/openshi |openshift-enterprise-3.9/op
|ft-elasticsearch-plugin=new |enshift-elasticsearch-plugi
|,openshift-enterprise-3.7/o |n=new,openshift-enterprise-
|penshift-elasticsearch-plug |3.7/openshift-elasticsearch
|in=new,openshift-enterprise |-plugin=new,openshift-enter
|-3.6/openshift-elasticsearc |prise-3.6/openshift-elastic
|h-plugin=new,rhn_satellite_ |search-plugin=new,rhn_satel
|6/jackson-databind=affected |lite_6/jackson-databind=aff
|,vertx-3/jackson-databind=n |ected,vertx-3/jackson-datab
|ew,rhsso-7/jackson-databind |ind=new,rhsso-7/jackson-dat
|=new,rhmap-4/jackson-databi |abind=new,rhmap-4/jackson-d
|nd=new,bpms-6/jackson-datab |atabind=new,bpms-6/jackson-
|ind=new,swarm-7/jackson-dat |databind=new,swarm-7/jackso
|abind=new,amq-6/jackson-dat |n-databind=new,amq-6/jackso
|abind=new,amq-st/jackson-da |n-databind=new,amq-st/jacks
|tabind=new,fedora-all/jacks |on-databind=new,fedora-all/
|on-databind=affected,rhel-8 |jackson-databind=affected,r
|/pki-deps:10.6/jackson-data |hel-8/pki-deps:10.6/jackson
|bind=affected,openstack-10/ |-databind=affected,openstac
|opendaylight=new,openstack- |k-10/opendaylight=new,opens
|13/opendaylight=wontfix,ope |tack-13/opendaylight=wontfi
|nstack-14/opendaylight=wont |x,openstack-14/opendaylight
|fix,openstack-9/opendayligh |=wontfix,openstack-9/openda
|t=new,openshift-enterprise- |ylight=new,openshift-enterp
|4.1/logging-elasticsearch5- |rise-4.1/logging-elasticsea
|container=affected |rch5-container=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
12:03 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1731787
--
You are receiving this mail because:
You are on the CC list for the bug.
12:22 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=affect |n35-jackson-databind=affect
|ed,openshift-enterprise-3.1 |ed,openshift-enterprise-3.1
|1/logging-elasticsearch5-co |1/logging-elasticsearch5-co
|ntainer=affected,openshift- |ntainer=affected,openshift-
|enterprise-3.10/elasticsear |enterprise-3.10/elasticsear
|ch-cloud-kubernetes=new,ope |ch-cloud-kubernetes=new,ope
|nshift-enterprise-3.9/elast |nshift-enterprise-3.9/elast
|icsearch-cloud-kubernetes=n |icsearch-cloud-kubernetes=n
|ew,openshift-enterprise-3.7 |ew,openshift-enterprise-3.7
|/elasticsearch-cloud-kubern |/elasticsearch-cloud-kubern
|etes=new,openshift-enterpri |etes=new,openshift-enterpri
|se-3.6/elasticsearch-cloud- |se-3.6/elasticsearch-cloud-
|kubernetes=new,openshift-en |kubernetes=new,openshift-en
|terprise-3.10/openshift-ela |terprise-3.10/openshift-ela
|sticsearch-plugin=affected, |sticsearch-plugin=affected,
|openshift-enterprise-3.9/op |openshift-enterprise-3.9/op
|enshift-elasticsearch-plugi |enshift-elasticsearch-plugi
|n=new,openshift-enterprise- |n=affected,openshift-enterp
|3.7/openshift-elasticsearch |rise-3.7/openshift-elastics
|-plugin=new,openshift-enter |earch-plugin=new,openshift-
|prise-3.6/openshift-elastic |enterprise-3.6/openshift-el
|search-plugin=new,rhn_satel |asticsearch-plugin=new,rhn_
|lite_6/jackson-databind=aff |satellite_6/jackson-databin
|ected,vertx-3/jackson-datab |d=affected,vertx-3/jackson-
|ind=new,rhsso-7/jackson-dat |databind=new,rhsso-7/jackso
|abind=new,rhmap-4/jackson-d |n-databind=new,rhmap-4/jack
|atabind=new,bpms-6/jackson- |son-databind=new,bpms-6/jac
|databind=new,swarm-7/jackso |kson-databind=new,swarm-7/j
|n-databind=new,amq-6/jackso |ackson-databind=new,amq-6/j
|n-databind=new,amq-st/jacks |ackson-databind=new,amq-st/
|on-databind=new,fedora-all/ |jackson-databind=new,fedora
|jackson-databind=affected,r |-all/jackson-databind=affec
|hel-8/pki-deps:10.6/jackson |ted,rhel-8/pki-deps:10.6/ja
|-databind=affected,openstac |ckson-databind=affected,ope
|k-10/opendaylight=new,opens |nstack-10/opendaylight=new,
|tack-13/opendaylight=wontfi |openstack-13/opendaylight=w
|x,openstack-14/opendaylight |ontfix,openstack-14/openday
|=wontfix,openstack-9/openda |light=wontfix,openstack-9/o
|ylight=new,openshift-enterp |pendaylight=new,openshift-e
|rise-4.1/logging-elasticsea |nterprise-4.1/logging-elast
|rch5-container=affected |icsearch5-container=affecte
| |d
--
You are receiving this mail because:
You are on the CC list for the bug.
12:26 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1731789
--
You are receiving this mail because:
You are on the CC list for the bug.
12:36 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=affect |n35-jackson-databind=affect
|ed,openshift-enterprise-3.1 |ed,openshift-enterprise-3.1
|1/logging-elasticsearch5-co |1/logging-elasticsearch5-co
|ntainer=affected,openshift- |ntainer=affected,openshift-
|enterprise-3.10/elasticsear |enterprise-3.10/elasticsear
|ch-cloud-kubernetes=new,ope |ch-cloud-kubernetes=new,ope
|nshift-enterprise-3.9/elast |nshift-enterprise-3.9/elast
|icsearch-cloud-kubernetes=n |icsearch-cloud-kubernetes=n
|ew,openshift-enterprise-3.7 |ew,openshift-enterprise-3.7
|/elasticsearch-cloud-kubern |/elasticsearch-cloud-kubern
|etes=new,openshift-enterpri |etes=new,openshift-enterpri
|se-3.6/elasticsearch-cloud- |se-3.6/elasticsearch-cloud-
|kubernetes=new,openshift-en |kubernetes=new,openshift-en
|terprise-3.10/openshift-ela |terprise-3.10/openshift-ela
|sticsearch-plugin=affected, |sticsearch-plugin=affected,
|openshift-enterprise-3.9/op |openshift-enterprise-3.9/op
|enshift-elasticsearch-plugi |enshift-elasticsearch-plugi
|n=affected,openshift-enterp |n=affected,openshift-enterp
|rise-3.7/openshift-elastics |rise-3.7/openshift-elastics
|earch-plugin=new,openshift- |earch-plugin=affected,opens
|enterprise-3.6/openshift-el |hift-enterprise-3.6/openshi
|asticsearch-plugin=new,rhn_ |ft-elasticsearch-plugin=new
|satellite_6/jackson-databin |,rhn_satellite_6/jackson-da
|d=affected,vertx-3/jackson- |tabind=affected,vertx-3/jac
|databind=new,rhsso-7/jackso |kson-databind=new,rhsso-7/j
|n-databind=new,rhmap-4/jack |ackson-databind=new,rhmap-4
|son-databind=new,bpms-6/jac |/jackson-databind=new,bpms-
|kson-databind=new,swarm-7/j |6/jackson-databind=new,swar
|ackson-databind=new,amq-6/j |m-7/jackson-databind=new,am
|ackson-databind=new,amq-st/ |q-6/jackson-databind=new,am
|jackson-databind=new,fedora |q-st/jackson-databind=new,f
|-all/jackson-databind=affec |edora-all/jackson-databind=
|ted,rhel-8/pki-deps:10.6/ja |affected,rhel-8/pki-deps:10
|ckson-databind=affected,ope |.6/jackson-databind=affecte
|nstack-10/opendaylight=new, |d,openstack-10/opendaylight
|openstack-13/opendaylight=w |=new,openstack-13/opendayli
|ontfix,openstack-14/openday |ght=wontfix,openstack-14/op
|light=wontfix,openstack-9/o |endaylight=wontfix,openstac
|pendaylight=new,openshift-e |k-9/opendaylight=new,opensh
|nterprise-4.1/logging-elast |ift-enterprise-4.1/logging-
|icsearch5-container=affecte |elasticsearch5-container=af
|d |fected
--
You are receiving this mail because:
You are on the CC list for the bug.
12:40 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1731790
--
You are receiving this mail because:
You are on the CC list for the bug.
12:44 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=affect |n35-jackson-databind=affect
|ed,openshift-enterprise-3.1 |ed,openshift-enterprise-3.1
|1/logging-elasticsearch5-co |1/logging-elasticsearch5-co
|ntainer=affected,openshift- |ntainer=affected,openshift-
|enterprise-3.10/elasticsear |enterprise-3.10/elasticsear
|ch-cloud-kubernetes=new,ope |ch-cloud-kubernetes=new,ope
|nshift-enterprise-3.9/elast |nshift-enterprise-3.9/elast
|icsearch-cloud-kubernetes=n |icsearch-cloud-kubernetes=n
|ew,openshift-enterprise-3.7 |ew,openshift-enterprise-3.7
|/elasticsearch-cloud-kubern |/elasticsearch-cloud-kubern
|etes=new,openshift-enterpri |etes=new,openshift-enterpri
|se-3.6/elasticsearch-cloud- |se-3.6/elasticsearch-cloud-
|kubernetes=new,openshift-en |kubernetes=new,openshift-en
|terprise-3.10/openshift-ela |terprise-3.10/openshift-ela
|sticsearch-plugin=affected, |sticsearch-plugin=affected,
|openshift-enterprise-3.9/op |openshift-enterprise-3.9/op
|enshift-elasticsearch-plugi |enshift-elasticsearch-plugi
|n=affected,openshift-enterp |n=affected,openshift-enterp
|rise-3.7/openshift-elastics |rise-3.7/openshift-elastics
|earch-plugin=affected,opens |earch-plugin=affected,opens
|hift-enterprise-3.6/openshi |hift-enterprise-3.6/openshi
|ft-elasticsearch-plugin=new |ft-elasticsearch-plugin=aff
|,rhn_satellite_6/jackson-da |ected,rhn_satellite_6/jacks
|tabind=affected,vertx-3/jac |on-databind=affected,vertx-
|kson-databind=new,rhsso-7/j |3/jackson-databind=new,rhss
|ackson-databind=new,rhmap-4 |o-7/jackson-databind=new,rh
|/jackson-databind=new,bpms- |map-4/jackson-databind=new,
|6/jackson-databind=new,swar |bpms-6/jackson-databind=new
|m-7/jackson-databind=new,am |,swarm-7/jackson-databind=n
|q-6/jackson-databind=new,am |ew,amq-6/jackson-databind=n
|q-st/jackson-databind=new,f |ew,amq-st/jackson-databind=
|edora-all/jackson-databind= |new,fedora-all/jackson-data
|affected,rhel-8/pki-deps:10 |bind=affected,rhel-8/pki-de
|.6/jackson-databind=affecte |ps:10.6/jackson-databind=af
|d,openstack-10/opendaylight |fected,openstack-10/openday
|=new,openstack-13/opendayli |light=new,openstack-13/open
|ght=wontfix,openstack-14/op |daylight=wontfix,openstack-
|endaylight=wontfix,openstac |14/opendaylight=wontfix,ope
|k-9/opendaylight=new,opensh |nstack-9/opendaylight=new,o
|ift-enterprise-4.1/logging- |penshift-enterprise-4.1/log
|elasticsearch5-container=af |ging-elasticsearch5-contain
|fected |er=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
12:49 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1731792
--
You are receiving this mail because:
You are on the CC list for the bug.
11:06 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=affect |n35-jackson-databind=affect
|ed,openshift-enterprise-3.1 |ed,openshift-enterprise-3.1
|1/logging-elasticsearch5-co |1/logging-elasticsearch5-co
|ntainer=affected,openshift- |ntainer=affected,openshift-
|enterprise-3.10/elasticsear |enterprise-3.10/elasticsear
|ch-cloud-kubernetes=new,ope |ch-cloud-kubernetes=new,ope
|nshift-enterprise-3.9/elast |nshift-enterprise-3.9/elast
|icsearch-cloud-kubernetes=n |icsearch-cloud-kubernetes=n
|ew,openshift-enterprise-3.7 |ew,openshift-enterprise-3.7
|/elasticsearch-cloud-kubern |/elasticsearch-cloud-kubern
|etes=new,openshift-enterpri |etes=new,openshift-enterpri
|se-3.6/elasticsearch-cloud- |se-3.6/elasticsearch-cloud-
|kubernetes=new,openshift-en |kubernetes=new,openshift-en
|terprise-3.10/openshift-ela |terprise-3.10/openshift-ela
|sticsearch-plugin=affected, |sticsearch-plugin=affected,
|openshift-enterprise-3.9/op |openshift-enterprise-3.9/op
|enshift-elasticsearch-plugi |enshift-elasticsearch-plugi
|n=affected,openshift-enterp |n=affected,openshift-enterp
|rise-3.7/openshift-elastics |rise-3.7/openshift-elastics
|earch-plugin=affected,opens |earch-plugin=wontfix,opensh
|hift-enterprise-3.6/openshi |ift-enterprise-3.6/openshif
|ft-elasticsearch-plugin=aff |t-elasticsearch-plugin=wont
|ected,rhn_satellite_6/jacks |fix,rhn_satellite_6/jackson
|on-databind=affected,vertx- |-databind=affected,vertx-3/
|3/jackson-databind=new,rhss |jackson-databind=new,rhsso-
|o-7/jackson-databind=new,rh |7/jackson-databind=new,rhma
|map-4/jackson-databind=new, |p-4/jackson-databind=new,bp
|bpms-6/jackson-databind=new |ms-6/jackson-databind=new,s
|,swarm-7/jackson-databind=n |warm-7/jackson-databind=new
|ew,amq-6/jackson-databind=n |,amq-6/jackson-databind=new
|ew,amq-st/jackson-databind= |,amq-st/jackson-databind=ne
|new,fedora-all/jackson-data |w,fedora-all/jackson-databi
|bind=affected,rhel-8/pki-de |nd=affected,rhel-8/pki-deps
|ps:10.6/jackson-databind=af |:10.6/jackson-databind=affe
|fected,openstack-10/openday |cted,openstack-10/opendayli
|light=new,openstack-13/open |ght=new,openstack-13/openda
|daylight=wontfix,openstack- |ylight=wontfix,openstack-14
|14/opendaylight=wontfix,ope |/opendaylight=wontfix,opens
|nstack-9/opendaylight=new,o |tack-9/opendaylight=new,ope
|penshift-enterprise-4.1/log |nshift-enterprise-4.1/loggi
|ging-elasticsearch5-contain |ng-elasticsearch5-container
|er=affected |=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
1:21 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=affect |n35-jackson-databind=affect
|ed,openshift-enterprise-3.1 |ed,openshift-enterprise-3.1
|1/logging-elasticsearch5-co |1/logging-elasticsearch5-co
|ntainer=affected,openshift- |ntainer=affected,openshift-
|enterprise-3.10/elasticsear |enterprise-3.10/elasticsear
|ch-cloud-kubernetes=new,ope |ch-cloud-kubernetes=new,ope
|nshift-enterprise-3.9/elast |nshift-enterprise-3.9/elast
|icsearch-cloud-kubernetes=n |icsearch-cloud-kubernetes=a
|ew,openshift-enterprise-3.7 |ffected,openshift-enterpris
|/elasticsearch-cloud-kubern |e-3.7/elasticsearch-cloud-k
|etes=new,openshift-enterpri |ubernetes=new,openshift-ent
|se-3.6/elasticsearch-cloud- |erprise-3.6/elasticsearch-c
|kubernetes=new,openshift-en |loud-kubernetes=new,openshi
|terprise-3.10/openshift-ela |ft-enterprise-3.10/openshif
|sticsearch-plugin=affected, |t-elasticsearch-plugin=affe
|openshift-enterprise-3.9/op |cted,openshift-enterprise-3
|enshift-elasticsearch-plugi |.9/openshift-elasticsearch-
|n=affected,openshift-enterp |plugin=affected,openshift-e
|rise-3.7/openshift-elastics |nterprise-3.7/openshift-ela
|earch-plugin=wontfix,opensh |sticsearch-plugin=wontfix,o
|ift-enterprise-3.6/openshif |penshift-enterprise-3.6/ope
|t-elasticsearch-plugin=wont |nshift-elasticsearch-plugin
|fix,rhn_satellite_6/jackson |=wontfix,rhn_satellite_6/ja
|-databind=affected,vertx-3/ |ckson-databind=affected,ver
|jackson-databind=new,rhsso- |tx-3/jackson-databind=new,r
|7/jackson-databind=new,rhma |hsso-7/jackson-databind=new
|p-4/jackson-databind=new,bp |,rhmap-4/jackson-databind=n
|ms-6/jackson-databind=new,s |ew,bpms-6/jackson-databind=
|warm-7/jackson-databind=new |new,swarm-7/jackson-databin
|,amq-6/jackson-databind=new |d=new,amq-6/jackson-databin
|,amq-st/jackson-databind=ne |d=new,amq-st/jackson-databi
|w,fedora-all/jackson-databi |nd=new,fedora-all/jackson-d
|nd=affected,rhel-8/pki-deps |atabind=affected,rhel-8/pki
|:10.6/jackson-databind=affe |-deps:10.6/jackson-databind
|cted,openstack-10/opendayli |=affected,openstack-10/open
|ght=new,openstack-13/openda |daylight=new,openstack-13/o
|ylight=wontfix,openstack-14 |pendaylight=wontfix,opensta
|/opendaylight=wontfix,opens |ck-14/opendaylight=wontfix,
|tack-9/opendaylight=new,ope |openstack-9/opendaylight=ne
|nshift-enterprise-4.1/loggi |w,openshift-enterprise-4.1/
|ng-elasticsearch5-container |logging-elasticsearch5-cont
|=affected |ainer=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
1:26 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=affect |n35-jackson-databind=affect
|ed,openshift-enterprise-3.1 |ed,openshift-enterprise-3.1
|1/logging-elasticsearch5-co |1/logging-elasticsearch5-co
|ntainer=affected,openshift- |ntainer=affected,openshift-
|enterprise-3.10/elasticsear |enterprise-3.10/elasticsear
|ch-cloud-kubernetes=new,ope |ch-cloud-kubernetes=affecte
|nshift-enterprise-3.9/elast |d,openshift-enterprise-3.9/
|icsearch-cloud-kubernetes=a |elasticsearch-cloud-kuberne
|ffected,openshift-enterpris |tes=affected,openshift-ente
|e-3.7/elasticsearch-cloud-k |rprise-3.7/elasticsearch-cl
|ubernetes=new,openshift-ent |oud-kubernetes=new,openshif
|erprise-3.6/elasticsearch-c |t-enterprise-3.6/elasticsea
|loud-kubernetes=new,openshi |rch-cloud-kubernetes=new,op
|ft-enterprise-3.10/openshif |enshift-enterprise-3.10/ope
|t-elasticsearch-plugin=affe |nshift-elasticsearch-plugin
|cted,openshift-enterprise-3 |=affected,openshift-enterpr
|.9/openshift-elasticsearch- |ise-3.9/openshift-elasticse
|plugin=affected,openshift-e |arch-plugin=affected,opensh
|nterprise-3.7/openshift-ela |ift-enterprise-3.7/openshif
|sticsearch-plugin=wontfix,o |t-elasticsearch-plugin=wont
|penshift-enterprise-3.6/ope |fix,openshift-enterprise-3.
|nshift-elasticsearch-plugin |6/openshift-elasticsearch-p
|=wontfix,rhn_satellite_6/ja |lugin=wontfix,rhn_satellite
|ckson-databind=affected,ver |_6/jackson-databind=affecte
|tx-3/jackson-databind=new,r |d,vertx-3/jackson-databind=
|hsso-7/jackson-databind=new |new,rhsso-7/jackson-databin
|,rhmap-4/jackson-databind=n |d=new,rhmap-4/jackson-datab
|ew,bpms-6/jackson-databind= |ind=new,bpms-6/jackson-data
|new,swarm-7/jackson-databin |bind=new,swarm-7/jackson-da
|d=new,amq-6/jackson-databin |tabind=new,amq-6/jackson-da
|d=new,amq-st/jackson-databi |tabind=new,amq-st/jackson-d
|nd=new,fedora-all/jackson-d |atabind=new,fedora-all/jack
|atabind=affected,rhel-8/pki |son-databind=affected,rhel-
|-deps:10.6/jackson-databind |8/pki-deps:10.6/jackson-dat
|=affected,openstack-10/open |abind=affected,openstack-10
|daylight=new,openstack-13/o |/opendaylight=new,openstack
|pendaylight=wontfix,opensta |-13/opendaylight=wontfix,op
|ck-14/opendaylight=wontfix, |enstack-14/opendaylight=won
|openstack-9/opendaylight=ne |tfix,openstack-9/opendaylig
|w,openshift-enterprise-4.1/ |ht=new,openshift-enterprise
|logging-elasticsearch5-cont |-4.1/logging-elasticsearch5
|ainer=affected |-container=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
1:29 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1732286
--
You are receiving this mail because:
You are on the CC list for the bug.
1:33 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1732291
--
You are receiving this mail because:
You are on the CC list for the bug.
10:51 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Jeff Cantrill <jcantril(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Depends On| |1732539
--
You are receiving this mail because:
You are on the CC list for the bug.
7:35 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Sam Fowler <sfowler(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2019 |impact=moderate,public=2019
|0514,reported=20190518,sour |0514,reported=20190518,sour
|ce=cve,cvss3=7.5/CVSS:3.0/A |ce=cve,cvss3=7.5/CVSS:3.0/A
|V:N/AC:L/PR:N/UI:N/S:U/C:H/ |V:N/AC:L/PR:N/UI:N/S:U/C:H/
|I:N/A:N,cwe=CWE-502->CWE-20 |I:N/A:N,cwe=CWE-502->CWE-20
|0,fuse-6/jackson-databind=n |0,fuse-6/jackson-databind=n
|ew,fuse-7/jackson-databind= |ew,fuse-7/jackson-databind=
|new,eap-7/jackson-databind= |new,eap-7/jackson-databind=
|affected,rhdm-7/jackson-dat |affected,rhdm-7/jackson-dat
|abind=new,rhpam-7/jackson-d |abind=new,rhpam-7/jackson-d
|atabind=new,rhscl-3/rh-mave |atabind=new,rhscl-3/rh-mave
|n35-jackson-databind=affect |n35-jackson-databind=affect
|ed,openshift-enterprise-3.1 |ed,openshift-enterprise-3.1
|1/logging-elasticsearch5-co |1/logging-elasticsearch5-co
|ntainer=affected,openshift- |ntainer=affected,openshift-
|enterprise-3.10/elasticsear |enterprise-3.10/elasticsear
|ch-cloud-kubernetes=affecte |ch-cloud-kubernetes=affecte
|d,openshift-enterprise-3.9/ |d,openshift-enterprise-3.9/
|elasticsearch-cloud-kuberne |elasticsearch-cloud-kuberne
|tes=affected,openshift-ente |tes=affected,openshift-ente
|rprise-3.7/elasticsearch-cl |rprise-3.7/elasticsearch-cl
|oud-kubernetes=new,openshif |oud-kubernetes=new,openshif
|t-enterprise-3.6/elasticsea |t-enterprise-3.6/elasticsea
|rch-cloud-kubernetes=new,op |rch-cloud-kubernetes=new,op
|enshift-enterprise-3.10/ope |enshift-enterprise-3.10/ope
|nshift-elasticsearch-plugin |nshift-elasticsearch-plugin
|=affected,openshift-enterpr |=affected,openshift-enterpr
|ise-3.9/openshift-elasticse |ise-3.9/openshift-elasticse
|arch-plugin=affected,opensh |arch-plugin=affected,opensh
|ift-enterprise-3.7/openshif |ift-enterprise-3.7/openshif
|t-elasticsearch-plugin=wont |t-elasticsearch-plugin=wont
|fix,openshift-enterprise-3. |fix,openshift-enterprise-3.
|6/openshift-elasticsearch-p |6/openshift-elasticsearch-p
|lugin=wontfix,rhn_satellite |lugin=wontfix,rhn_satellite
|_6/jackson-databind=affecte |_6/jackson-databind=affecte
|d,vertx-3/jackson-databind= |d,vertx-3/jackson-databind=
|new,rhsso-7/jackson-databin |new,rhsso-7/jackson-databin
|d=new,rhmap-4/jackson-datab |d=new,rhmap-4/jackson-datab
|ind=new,bpms-6/jackson-data |ind=new,bpms-6/jackson-data
|bind=new,swarm-7/jackson-da |bind=new,swarm-7/jackson-da
|tabind=new,amq-6/jackson-da |tabind=new,amq-6/jackson-da
|tabind=new,amq-st/jackson-d |tabind=new,amq-st/jackson-d
|atabind=new,fedora-all/jack |atabind=new,fedora-all/jack
|son-databind=affected,rhel- |son-databind=affected,rhel-
|8/pki-deps:10.6/jackson-dat |8/pki-deps:10.6/jackson-dat
|abind=affected,openstack-10 |abind=affected,openstack-10
|/opendaylight=new,openstack |/opendaylight=new,openstack
|-13/opendaylight=wontfix,op |-13/opendaylight=wontfix,op
|enstack-14/opendaylight=won |enstack-14/opendaylight=won
|tfix,openstack-9/opendaylig |tfix,openstack-9/opendaylig
|ht=new,openshift-enterprise |ht=new,openshift-enterprise
|-4.1/logging-elasticsearch5 |-4.1/logging-elasticsearch5
|-container=affected |-container=affected,openshi
| |ft-4.2/logging-elasticsearc
| |h5-container=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
12:47 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #15 from Jason Shepherd <jshepherd(a)redhat.com> ---
This vulnerability is out of security support scope for the following product:
* Red Hat Mobile Application Platform
Please refer to https://access.redhat.com/support/policy/updates/rhmap for
more details
--
You are receiving this mail because:
You are on the CC list for the bug.
9:26 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #16 from Joshua Padman <jpadman(a)redhat.com> ---
This vulnerability is out of security support scope for the following products:
* Red Hat JBoss Fuse 6
* Red Hat JBoss BPM Suite 6
* Red Hat JBoss A-MQ 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes
for more details.
--
You are receiving this mail because:
You are on the CC list for the bug.
7:04 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Bug 1713468 depends on bug 1713469, which changed state.
Bug 1713469 Summary: CVE-2019-12086 jackson-databind: polymorphic typing issue allows
attacker to read arbitrary local files on the server. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1713469
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Resolution|--- |ERRATA
--
You are receiving this mail because:
You are on the CC list for the bug.
7:14 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #20 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.1
Via RHSA-2019:2858 https://access.redhat.com/errata/RHSA-2019:2858
--
You are receiving this mail because:
You are on the CC list for the bug.
7:14 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2019:2858
--
You are receiving this mail because:
You are on the CC list for the bug.
7:45 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
Product Security DevOps Team <prodsec-dev(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution|--- |ERRATA
Last Closed| |2019-09-27 00:45:35
--- Comment #21 from Product Security DevOps Team <prodsec-dev(a)redhat.com> ---
This bug is now closed. Further updates for individual products will be
reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2019-12086
--
You are receiving this mail because:
You are on the CC list for the bug.
5:51 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #22 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8
Via RHSA-2019:2937 https://access.redhat.com/errata/RHSA-2019:2937
--
You are receiving this mail because:
You are on the CC list for the bug.
5:51 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2019:2937
--
You are receiving this mail because:
You are on the CC list for the bug.
5:53 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #23 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6
Via RHSA-2019:2935 https://access.redhat.com/errata/RHSA-2019:2935
--
You are receiving this mail because:
You are on the CC list for the bug.
5:53 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2019:2935
--
You are receiving this mail because:
You are on the CC list for the bug.
5:55 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #24 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7
Via RHSA-2019:2936 https://access.redhat.com/errata/RHSA-2019:2936
--
You are receiving this mail because:
You are on the CC list for the bug.
5:55 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2019:2936
--
You are receiving this mail because:
You are on the CC list for the bug.
5:58 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #25 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform
Via RHSA-2019:2938 https://access.redhat.com/errata/RHSA-2019:2938
--
You are receiving this mail because:
You are on the CC list for the bug.
5:58 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2019:2938
--
You are receiving this mail because:
You are on the CC list for the bug.
4:54 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #27 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Openshift Application Runtimes
Via RHSA-2019:2998 https://access.redhat.com/errata/RHSA-2019:2998
--
You are receiving this mail because:
You are on the CC list for the bug.
4:54 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2019:2998
--
You are receiving this mail because:
You are on the CC list for the bug.
1:28 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #28 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Single Sign-On 7.3 for RHEL 6
Via RHSA-2019:3044 https://access.redhat.com/errata/RHSA-2019:3044
--
You are receiving this mail because:
You are on the CC list for the bug.
1:28 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2019:3044
--
You are receiving this mail because:
You are on the CC list for the bug.
1:28 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #29 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Single Sign-On 7.3 for RHEL 7
Via RHSA-2019:3045 https://access.redhat.com/errata/RHSA-2019:3045
--
You are receiving this mail because:
You are on the CC list for the bug.
1:29 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2019:3045
--
You are receiving this mail because:
You are on the CC list for the bug.
1:29 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #30 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Single Sign-On 7.3 for RHEL 8
Via RHSA-2019:3046 https://access.redhat.com/errata/RHSA-2019:3046
--
You are receiving this mail because:
You are on the CC list for the bug.
1:29 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2019:3046
--
You are receiving this mail because:
You are on the CC list for the bug.
1:59 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #31 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Single Sign-On 7.3.4 zip
Via RHSA-2019:3050 https://access.redhat.com/errata/RHSA-2019:3050
--
You are receiving this mail because:
You are on the CC list for the bug.
1:59 p.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2019:3050
--
You are receiving this mail because:
You are on the CC list for the bug.
5 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #33 from Paramvir jindal <pjindal(a)redhat.com> ---
Marking RHDM and RHPAM as not affected as it ships
jackson-databind-2.9.9.3-redhat-00002.jar which is already fixed.
--
You are receiving this mail because:
You are on the CC list for the bug.
8:26 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Doc Text *updated* by Jonathan Christison <jochrist(a)redhat.com> ---
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic
deserialization of malicious objects using the mysql gadget when used in conjunction with
polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is
using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue
might instantiate objects from unsafe sources. An attacker could use this flaw to read
arbitrary local files
--
You are receiving this mail because:
You are on the CC list for the bug.
8:26 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #38 from Jonathan Christison <jochrist(a)redhat.com> ---
Mitigation:
The following conditions are needed for an exploit, we recommend avoiding all
if possible
* Deserialization from sources you do not control
* `enableDefaultTyping()`
* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`
--
You are receiving this mail because:
You are on the CC list for the bug.
11:17 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #39 from Cedric Buissart 🐶 <cbuissar(a)redhat.com> ---
Statement:
Red Hat Satellite 6 does not enable polymorphic unmarshmalling, which is a
required configuration for the vulnerability to be used. We may update the
jackson-databind dependency in a future release.
--
You are receiving this mail because:
You are on the CC list for the bug.
8:22 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #40 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Satellite 6.7 for RHEL 7
Via RHSA-2020:1454 https://access.redhat.com/errata/RHSA-2020:1454
--
You are receiving this mail because:
You are on the CC list for the bug.
8:22 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2020:1454
--
You are receiving this mail because:
You are on the CC list for the bug.
10:54 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
--- Comment #41 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> ---
This issue has been addressed in the following products:
Red Hat Fuse 7.7.0
Via RHSA-2020:3192 https://access.redhat.com/errata/RHSA-2020:3192
--
You are receiving this mail because:
You are on the CC list for the bug.
10:54 a.m.
New subject: [Bug 1713468] CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
https://bugzilla.redhat.com/show_bug.cgi?id=1713468
errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Link ID| |Red Hat Product Errata
| |RHSA-2020:3192
--
You are receiving this mail because:
You are on the CC list for the bug.
1361
days inactive
1793
days old
java-sig-commits@lists.fedoraproject.org
62 comments
1 participants
participants (1)
-
bugzilla@redhat.com