CVE-2018-19360 Medium Severity Vulnerability detected by WhiteSource #59

mend-bolt-for-github · 2019-01-09T03:25:55Z

CVE-2018-19360 - Medium Severity Vulnerability

Vulnerable Library - jackson-databind-2.7.9.jar

General data-binding functionality for Jackson: works on core streaming API

path: 2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9/jackson-databind-2.7.9.jar

Library home page: http://github.com/FasterXML/jackson

Dependency Hierarchy:

❌ jackson-databind-2.7.9.jar (Vulnerable Library)

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

Publish Date: 2019-01-02

URL: CVE-2018-19360

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360

Release Date: 2019-01-02

Fix Resolution: 2.9.8

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jan 9, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2018-19360 Medium Severity Vulnerability detected by WhiteSource #59

CVE-2018-19360 Medium Severity Vulnerability detected by WhiteSource #59

mend-bolt-for-github bot commented Jan 9, 2019

CVE-2018-19360 Medium Severity Vulnerability detected by WhiteSource #59

CVE-2018-19360 Medium Severity Vulnerability detected by WhiteSource #59

Comments

mend-bolt-for-github bot commented Jan 9, 2019

CVE-2018-19360 - Medium Severity Vulnerability