What is CVE-2019-12384?

CVE-2019-12384 is a vulnerability in N/a. Published 2019-06-24.

Is CVE-2019-12384 known to be exploited?

49 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-12384

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execut…

EPSS: 0.513 (97.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update (mailing-list, x_refsource_CONFIRM, x_refsource_MLIST)
RHSA-2019:1820 (vendor-advisory, x_refsource_REDHAT)
[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 (mailing-list, x_refsource_MLIST)
[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 (mailing-list, x_refsource_MLIST)
[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 (mailing-list, x_refsource_MLIST)
[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 (mailing-list, x_refsource_MLIST)
[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 (mailing-list, x_refsource_MLIST)
[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 (mailing-list, x_refsource_MLIST)
[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204 (mailing-list, x_refsource_MLIST)
[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439 (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2019-12384?: CVE-2019-12384 is a vulnerability in N/a. Published 2019-06-24.
Is CVE-2019-12384 known to be exploited?: 49 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.