jackson-mapper-asl 代码问题漏洞

CNNVD-ID编号	CNNVD-201911-1110
CVE编号	CVE-2019-10172
发布时间	2019-11-18
更新时间	2021-02-20
漏洞类型	代码问题
漏洞来源	N/A
危险等级	高危
威胁类型	远程
厂商	N/A

漏洞介绍

jackson-mapper-asl是一款基于Jackson JSON处理器构建的数据映射软件包。

jackson-mapper-asl 1.9.x版本中存在代码问题漏洞。远程攻击者可借助特制数据利用该漏洞获取敏感信息。

漏洞补丁

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页：

https://mvnrepository.com/artifact/org.codehaus.jackson

参考网址

来源:MLIST

链接：https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r48a32f2dd6976d33f7a12b7e09ec7ea1895f8facba82b565587c28ac@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r33d25a342af84102903cd9dec8338a5bcba3ecfce10505bdfe793b92@%3Ccommon-issues.hadoop.apache.org%3E
来源:bugzilla.redhat.com

链接：https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10172
来源:MLIST

链接：https://lists.apache.org/thread.html/r25e25973e9577c62fd0221b4b52990851adf11cbe33036bd67d4b13d@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/re07c51a8026c11e6e5513bfdc66d52d1c1027053e480fb8073356257@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/re646dcc2739d92117bf9a76a33c600ed3b65e8b4e9b6f441e366b72b@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html
来源:MLIST

链接：https://lists.apache.org/thread.html/r80e8882c86c9c17a57396a5ef7c4f08878d629a0291243411be0de3a@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/ra37700b842790883b9082e6b281fb7596f571b13078a4856cd38f2c2@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r37eb6579fa0bf94a72b6c978e2fee96f68a2b1b3ac1b1ce60aee86cf@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rb47911c179c9f3e8ea3f134b5645e63cd20c6fc63bd0b43ab5864bd1@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r4bbfa1439d7a4e1712e260bfc3d90f7cf997abfd641cccde6432d4ab@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/rb8c09b14fd57d855dc21e0a037dc29258c2cbe9c1966bfff453a02e4@%3Ccommon-issues.hadoop.apache.org%3E
来源:MLIST

链接：https://lists.apache.org/thread.html/r386966780034aadee69ffd82d44555117c9339545b9ce990fe490a3e@%3Ccommits.cassandra.apache.org%3E
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html
来源:MLIST

链接：https://lists.apache.org/thread.html/rd3a34d663e2a25b9ab1e8a1a94712cd5f100f098578aec79af48161e@%3Ccommon-dev.hadoop.apache.org%3E
来源:www.debian.org

链接：https://www.debian.org/lts/security/2020/dla-2091
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1662/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158636/Red-Hat-Security-Advisory-2020-3192-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2050/
来源:www.nsfocus.net

链接：http://www.nsfocus.net/vulndb/48039
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1427/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157642/Red-Hat-Security-Advisory-2020-2058-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158048/Red-Hat-Security-Advisory-2020-2512-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2042/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2992/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159015/Red-Hat-Security-Advisory-2020-3585-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159208/Red-Hat-Security-Advisory-2020-3779-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2895/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2588/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0384/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2021.0630
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3190/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157664/Red-Hat-Security-Advisory-2020-2112-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/
来源:access.redhat.com

链接：https://access.redhat.com/security/cve/cve-2019-10172
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2019-10172

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201911-1110