VYPR
Critical severity · NVD Advisory · Published Feb 26, 2018 · Updated Aug 5, 2024

CVE-2018-7489

Description

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

FasterXML jackson-databind before 2.7.9.3, 2.8.11.1, and 2.9.5 allows unauthenticated RCE via crafted JSON due to incomplete fix for CVE-2017-7525.

Vulnerability

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 (the GitHub advisory also lists 2.6.x before 2.6.7.5) is vulnerable to remote code execution (RCE) [1][2][3][4]. The root cause is an incomplete fix for CVE-2017-7525: that fix did not remove the dangerous behaviour but added a denylist of known gadget classes that ObjectMapper refuses to instantiate when a JSON type identifier selects the target class, which happens when default typing is enabled or a property is declared polymorphic. For c3p0 the list named exactly two classes, com.mchange.v2.c3p0.JndiRefForwardingDataSource and com.mchange.v2.c3p0.WrapperConnectionPoolDataSource, so other c3p0 DataSource classes on the classpath, in particular com.mchange.v2.c3p0.ComboPooledDataSource and com.mchange.v2.c3p0.debug.AfterCloseLoggingComboPooledDataSource as named in the fix for databind#1931, passed the check and could be instantiated from attacker-supplied JSON. The bug is triggered by passing such JSON to the readValue method of ObjectMapper.

Exploitation

An unauthenticated attacker who can submit JSON to an endpoint that deserializes it with a vulnerable jackson-databind can exploit this over the network, with no prior authentication or privileges [1][2][3][4]. Two preconditions apply beyond the library version. First, the application must let the JSON choose the target class: default typing is enabled (ObjectMapper.enableDefaultTyping) or a polymorphic property accepts arbitrary type identifiers. Second, a c3p0 library must be on the classpath so that the named class can be loaded; c3p0 is a common JDBC connection-pool dependency and is often present transitively without the application developers being aware of it. The crafted JSON carries a type identifier (for example an "@class" property) naming one of the c3p0 DataSource classes the denylist did not cover; jackson-databind instantiates that class and invokes its setters with attacker-supplied values, which is the step that leads to code execution.
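As an added illustration of the incomplete fix (example code, not from jackson-databind or this advisory), the following Java models the c3p0 branch of the type-name check before and after the databind#1931 change shown in the patches. It needs no Jackson or c3p0 on the classpath: the class names are taken from the diff, the JSON payloads are constructed for the example, and com.example.app.PooledDs is a hypothetical application class.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Added example, not jackson-databind code. Models the c3p0 part of the
 * type-name check in SubTypeValidator before and after the databind#1931 fix,
 * using class names only, so it runs with no Jackson or c3p0 on the classpath.
 */
public class C3p0DenylistCheck {

    // The only c3p0 entries on the explicit denylist before the fix
    // (the two s.add(...) lines that the fix comments out).
    static final Set<String> PRE_FIX_DENYLIST = new HashSet<>(Arrays.asList(
            "com.mchange.v2.c3p0.JndiRefForwardingDataSource",
            "com.mchange.v2.c3p0.WrapperConnectionPoolDataSource"));

    static final String PREFIX_C3P0 = "com.mchange.v2.c3p0.";

    // Extracts the attacker-controlled type id from a default-typing payload.
    private static final Pattern TYPE_ID = Pattern.compile("\"@class\"\\s*:\\s*\"([^\"]+)\"");

    /** Pre-fix rule: exact name match against the explicit set. */
    static boolean blockedBeforeFix(String className) {
        return PRE_FIX_DENYLIST.contains(className);
    }

    /**
     * Post-fix rule: any non-interface class whose own name starts with the
     * c3p0 prefix and ends with "DataSource". The explicit entries were
     * dropped from the set because this rule covers them.
     */
    static boolean blockedAfterFix(String className, boolean isInterface) {
        if (isInterface) {
            return false;
        }
        return className.startsWith(PREFIX_C3P0) && className.endsWith("DataSource");
    }

    /** Pulls the "@class" type id out of a JSON document, or null if absent. */
    static String typeIdOf(String json) {
        Matcher m = TYPE_ID.matcher(json);
        return m.find() ? m.group(1) : null;
    }

    public static void main(String[] args) {
        // Constructed payloads: each names a c3p0 DataSource class as the type id.
        // The two ComboPooledDataSource names are the gadgets listed in the fix
        // comments; com.example.app.PooledDs is a hypothetical application class
        // outside the c3p0 package.
        List<String> payloads = Arrays.asList(
                "{\"@class\":\"com.mchange.v2.c3p0.JndiRefForwardingDataSource\"}",
                "{\"@class\":\"com.mchange.v2.c3p0.ComboPooledDataSource\"}",
                "{\"@class\":\"com.mchange.v2.c3p0.debug.AfterCloseLoggingComboPooledDataSource\"}",
                "{\"@class\":\"com.example.app.PooledDs\"}");

        System.out.printf("%-72s %-7s %s%n", "type id", "before", "after");
        for (String json : payloads) {
            String typeId = typeIdOf(json);
            System.out.printf("%-72s %-7b %b%n", typeId,
                    blockedBeforeFix(typeId), blockedAfterFix(typeId, false));
        }
    }
}
```

The second and third rows are the CVE: before the fix, only the two listed names were denied, so both ComboPooledDataSource variants resolved. The last row shows the limit of the new rule: it matches on the class's own name, so a class outside the com.mchange.v2.c3p0 package is not matched by it even if it extends one of these data sources, which is one reason a denylist is not a complete mitigation.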

Impact

Successful exploitation results in unauthenticated remote code execution in the context of the vulnerable application [1][2][3][4]. This can lead to a complete compromise of the application's confidentiality, integrity, and availability, allowing the attacker to execute arbitrary commands, access sensitive data, or further pivot within the infrastructure.

Mitigation

Upgrade to jackson-databind 2.7.9.3, 2.8.11.1 or 2.9.5 or later (2.6.7.5 for the 2.6 line, per the GitHub advisory) [1][2][3][4]. Red Hat has released errata (RHSA-2018:1450, RHSA-2018:1448, RHSA-2018:1449, RHSA-2018:2090) for affected JBoss Enterprise Application Platform versions. No vendor workaround is documented. Removing c3p0 from the classpath closes this gadget but may break the application and does nothing for the next gadget: the fix is one more rule in a denylist that has had to be extended repeatedly (the 2.6 backport release notes in the patches list several later gadget blocks). The durable mitigation is to stop letting untrusted JSON choose the class: do not enable default typing on untrusted input, and where polymorphic handling is needed, move to 2.10 or later and use ObjectMapper.activateDefaultTyping with an allowlisting PolymorphicTypeValidator (BasicPolymorphicTypeValidator) in place of the deprecated enableDefaultTyping. Also check transitive dependencies: jackson-databind and c3p0 are frequently pulled in indirectly, so a version pin in the application's own build file is not sufficient evidence of being patched.
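As an added example (not the project's code and not from the advisory), the following Java puts the weak setting next to the two safer ones and feeds each the same payload. It assumes jackson-databind 2.10 or later on the classpath, where activateDefaultTyping and BasicPolymorphicTypeValidator exist; com.example.model is a hypothetical application package and the payload is constructed for the example.

```java
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

import java.io.IOException;

/**
 * Added example, not project code. Compares three ObjectMapper configurations
 * against a payload whose type id names a c3p0 class. Assumes jackson-databind
 * 2.10 or later on the classpath.
 */
public class DefaultTypingHardening {

    // Constructed payload: the type id is the class named in the databind#1931 fix.
    static final String PAYLOAD = "{\"@class\":\"com.mchange.v2.c3p0.ComboPooledDataSource\"}";

    /** Weak: global default typing guarded only by the built-in denylist. This is the setting the CVE targets. */
    @SuppressWarnings("deprecation")
    static ObjectMapper denylistOnly() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
        return mapper;
    }

    /** Hardened: default typing stays on, but only types under an explicit prefix may be resolved. */
    static ObjectMapper allowlisted() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType("com.example.model.")   // hypothetical application package
                .build();
        ObjectMapper mapper = new ObjectMapper();
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
        return mapper;
    }

    /** Safest: no default typing at all; "@class" is then just another property name. */
    static ObjectMapper noDefaultTyping() {
        return new ObjectMapper();
    }

    /** Reads the payload as Object and reports whether the type id was honoured or rejected. */
    static String tryRead(String label, ObjectMapper mapper) {
        try {
            Object result = mapper.readValue(PAYLOAD, Object.class);
            return label + ": deserialized to " + result.getClass().getName() + " " + result;
        } catch (JsonMappingException e) {
            // The patched denylist and the allowlist both land here.
            return label + ": rejected (" + e.getOriginalMessage() + ")";
        } catch (IOException e) {
            return label + ": failed (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println(tryRead("denylist only    ", denylistOnly()));
        System.out.println(tryRead("allowlisted      ", allowlisted()));
        System.out.println(tryRead("no default typing", noDefaultTyping()));
    }
}
```

The first line's message depends on the classpath: with c3p0 present and a patched Jackson the denylist rejects the type as "prevented for security reasons", without c3p0 the class simply cannot be found, and on a vulnerable version with c3p0 present the class is instantiated. The allowlist rejects the type id by name before any class is loaded, so its result does not depend on what is on the classpath; and with default typing off, the payload deserializes to a plain java.util.LinkedHashMap in which "@class" is an ordinary key.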

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                              Affected versions       Patched version
com.fasterxml.jackson.core:jackson-databind (Maven)  >= 2.8.0, < 2.8.11.1    2.8.11.1
com.fasterxml.jackson.core:jackson-databind (Maven)  >= 2.9.0, < 2.9.5       2.9.5
com.fasterxml.jackson.core:jackson-databind (Maven)  >= 2.7.0, < 2.7.9.3     2.7.9.3
com.fasterxml.jackson.core:jackson-databind (Maven)  < 2.6.7.5               2.6.7.5


Patches (5)

ca2bfc86af82

Backported CVE-2018-7489 (#3176)

https://github.com/FasterXML/jackson-databind · lowchinwei · Jun 16, 2021 · via GHSA
2 files changed · +46 −7
  • release-notes/VERSION (+1 −0, modified)
    @@ -17,6 +17,7 @@ Backported all CVE fixes up to CVE-2021-20190
     #2986: Block 2 more gadget types (commons-dbcp2, CVE-2020-35490 / CVE-2020-35491)
     #2854: Block one more gadget type (javax.swing, CVE-2021-20190)
     #2798: Block one more gadget type (com.pastdev.httpcomponents, CVE-2020-24750)
    +#1931: Block two more gadgets to exploit default typing issue (c3p0, CVE-2018-7489)
     
     2.6.7.4 (25-Oct-2020)
     
    
  • src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java (+45 −7, modified)
    @@ -34,6 +34,10 @@ public class BeanDeserializerFactory
     {
         private static final long serialVersionUID = 1;
     
    +    protected final static String PREFIX_SPRING = "org.springframework.";
    +
    +    protected final static String PREFIX_C3P0 = "com.mchange.v2.c3p0.";
    +
         /**
          * Signature of <b>Throwable.initCause</b> method.
          */
    @@ -1072,13 +1076,47 @@ private void checkIllegalTypes(DeserializationContext ctxt, JavaType type,
         {
             // There are certain nasty classes that could cause problems, mostly
             // via default typing -- catch them here.
    -        String full = type.getRawClass().getName();
    +        final Class<?> raw = type.getRawClass();
    +        String full = raw.getName();
     
    -        if (_cfgIllegalClassNames.contains(full)) {
    -            String message = String.format("Illegal type (%s) to deserialize: prevented for security reasons",
    -                    full);
    -            throw ctxt.mappingException("Invalid type definition for type %s: %s",
    -                    beanDesc, message);
    -        }
    +        main_check:
    +        do {
    +            if (_cfgIllegalClassNames.contains(full)) {
    +                break;
    +            }
    +
    +            // 18-Dec-2017, tatu: As per [databind#1855], need bit more sophisticated handling
    +            //    for some Spring framework types
    +            // 05-Jan-2017, tatu: ... also, only applies to classes, not interfaces
    +            if (raw.isInterface()) {
    +                ;
    +            } else if (full.startsWith(PREFIX_SPRING)) {
    +                for (Class<?> cls = raw; (cls != null) && (cls != Object.class); cls = cls.getSuperclass()){
    +                    String name = cls.getSimpleName();
    +                    // looking for "AbstractBeanFactoryPointcutAdvisor" but no point to allow any is there?
    +                    if ("AbstractPointcutAdvisor".equals(name)
    +                            // ditto  for "FileSystemXmlApplicationContext": block all ApplicationContexts
    +                            || "AbstractApplicationContext".equals(name)) {
    +                        break main_check;
    +                    }
    +                }
    +            } else if (full.startsWith(PREFIX_C3P0)) {
    +                // [databind#1737]; more 3rd party
    +                // s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
    +                // s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
    +                // [databind#1931]; more 3rd party
    +                // com.mchange.v2.c3p0.ComboPooledDataSource
    +                // com.mchange.v2.c3p0.debug.AfterCloseLoggingComboPooledDataSource 
    +                if (full.endsWith("DataSource")) {
    +                    break main_check;
    +                }
    +            }
    +            return;
    +        } while (false);
    +
    +        String message = String.format("Illegal type (%s) to deserialize: prevented for security reasons",
    +                full);
    +        throw ctxt.mappingException("Invalid type definition for type %s: %s",
    +                beanDesc, message);
         }
     }
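Review bot: this backport ships the check without its regression test: the 2.7, 2.8 and 2.9 commits each add testC3P0Types to IllegalTypesCheckTest together with a stub com.mchange.v2.c3p0.jacksontest.ComboPooledDataSource, while this commit touches only VERSION and BeanDeserializerFactory, so nothing on the 2.6 branch exercises the new PREFIX_C3P0 branch or the `raw.isInterface()` exemption in checkIllegalTypes. Port the test and the stub along with the fix. Separately, the `main_check:` label on a `do { ... } while (false)` is a goto in disguise; since the only outcomes are "return" or "throw", a small `boolean illegal = ...` helper that returns true for the set lookup, the Spring superclass walk or the c3p0 suffix match would make the control flow readable without the label.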
    
bc22f90eb7f8

Update release notes wrt #1931

https://github.com/FasterXML/jackson-databind · Tatu Saloranta · Feb 12, 2018 · via GHSA
2 files changed · +5 −0
  • release-notes/CREDITS-2.x (+4 −0, modified)
    @@ -749,3 +749,7 @@ Deblock Thomas (deblockt@github)
       * Reported, contributed fix for #1912: `BeanDeserializerModifier.updateBuilder()` does not
         work to set custom  deserializer on a property (since 2.9.0)
      (contributed by Deblock T)
    +
    +lilei@venusgroup.com.cn:
    +  * Reported #1931: Two more `c3p0` gadgets to exploit default typing issue
    +   (2.9.5)
    
  • release-notes/VERSION-2.x (+1 −0, modified)
    @@ -13,6 +13,7 @@ Project: jackson-databind
       deserializer on a property (since 2.9.0)
      (contributed by Deblock T)
     #1931: Two more `c3p0` gadgets to exploit default typing issue
    + (reported by lilei@venusgroup.com.cn)
     
     2.9.4 (24-Jan-2018)
     
    
e66c0a9d3c92

Merge branch '2.8' into 2.9

https://github.com/FasterXML/jackson-databind · Tatu Saloranta · Feb 11, 2018 · via GHSA
4 files changed · +40 −14
  • release-notes/VERSION-2.x (+2 −0, modified)
    @@ -12,6 +12,7 @@ Project: jackson-databind
     #1912: `BeanDeserializerModifier.updateBuilder()` not work to set custom
       deserializer on a property (since 2.9.0)
      (contributed by Deblock T)
    +#1931: Two more `c3p0` gadgets to exploit default typing issue
     
     2.9.4 (24-Jan-2018)
     
    @@ -213,6 +214,7 @@ Project: jackson-databind
      (reported by Rob W)
     #1899: Another two gadgets to exploit default typing issue in jackson-databind
      (reported by OneSourceCat@github)
    +#1931: Two more `c3p0` gadgets to exploit default typing issue
     
     2.8.11 (24-Dec-2017)
     
    
  • src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java (+21 −5, modified)
    @@ -19,7 +19,10 @@
      */
     public class SubTypeValidator
     {
    -    protected final static String PREFIX_STRING = "org.springframework.";
    +    protected final static String PREFIX_SPRING = "org.springframework.";
    +
    +    protected final static String PREFIX_C3P0 = "com.mchange.v2.c3p0.";
    +
         /**
          * Set of well-known "nasty classes", deserialization of which is considered dangerous
          * and should (and is) prevented by default.
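Review bot: renaming the protected constant PREFIX_STRING to PREFIX_SPRING removes a protected member of the public SubTypeValidator class, which is a source-incompatible change for any subclass that referenced it, and it lands in patch releases (2.7.9.3, 2.8.11.1, 2.9.5). Keep `PREFIX_STRING` as a deprecated alias of PREFIX_SPRING on the 2.7 and 2.8 lines, or call the removal out in the release notes next to the #1931 entry.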
    @@ -46,8 +49,9 @@ public class SubTypeValidator
             // [databind#1737]; 3rd party
     //s.add("org.springframework.aop.support.AbstractBeanFactoryPointcutAdvisor"); // deprecated by [databind#1855]
             s.add("org.springframework.beans.factory.config.PropertyPathFactoryBean");
    -        s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
    -        s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
    +
    +// s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource"); // deprecated by [databind#1931]
    +// s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource"); // - "" -
             // [databind#1855]: more 3rd party
             s.add("org.apache.tomcat.dbcp.dbcp2.BasicDataSource");
             s.add("com.sun.org.apache.bcel.internal.util.ClassLoader");
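Review bot: the two c3p0 entries are left behind as commented-out `s.add(...)` lines rather than deleted, repeating the pattern of the AbstractBeanFactoryPointcutAdvisor line above them; DEFAULT_NO_DESER_CLASS_NAMES now no longer says anything about c3p0, and a reader has to find the suffix rule in validateSubType to learn that these two names are still denied (both end in "DataSource"). Delete the dead lines and leave one comment here pointing at the PREFIX_C3P0 rule, so the set and the method do not drift apart the next time an entry is moved.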
    @@ -86,8 +90,10 @@ public void validateSubType(DeserializationContext ctxt, JavaType type,
                 // 18-Dec-2017, tatu: As per [databind#1855], need bit more sophisticated handling
                 //    for some Spring framework types
                 // 05-Jan-2017, tatu: ... also, only applies to classes, not interfaces
    -            if (!raw.isInterface() && full.startsWith(PREFIX_STRING)) {
    -                for (Class<?> cls = raw; (cls != null) && (cls != Object.class); cls = cls.getSuperclass()) {
    +            if (raw.isInterface()) {
    +                ;
    +            } else if (full.startsWith(PREFIX_SPRING)) {
    +                for (Class<?> cls = raw; (cls != null) && (cls != Object.class); cls = cls.getSuperclass()){
                         String name = cls.getSimpleName();
                         // looking for "AbstractBeanFactoryPointcutAdvisor" but no point to allow any is there?
                         if ("AbstractPointcutAdvisor".equals(name)
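Review bot: the new `if (raw.isInterface()) { ; }` branch exists only to fall through to the `return` below, and the empty statement is something static analysis will flag; the previous `!raw.isInterface() && ...` guard read more clearly, and wrapping the two prefix branches in a single `if (!raw.isInterface())` block keeps that behaviour without the empty body. The comment date `05-Jan-2017` also reads as a typo for 2018, since it refers back to the 18-Dec-2017 note on [databind#1855] immediately above it.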
    @@ -96,6 +102,16 @@ public void validateSubType(DeserializationContext ctxt, JavaType type,
                             break main_check;
                         }
                     }
    +            } else if (full.startsWith(PREFIX_C3P0)) {
    +                // [databind#1737]; more 3rd party
    +                // s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
    +                // s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
    +                // [databind#1931]; more 3rd party
    +                // com.mchange.v2.c3p0.ComboPooledDataSource
    +                // com.mchange.v2.c3p0.debug.AfterCloseLoggingComboPooledDataSource 
    +                if (full.endsWith("DataSource")) {
    +                    break main_check;
    +                }
                 }
                 return;
             } while (false);
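Review bot: the c3p0 rule tests only the raw class's own name, `full.startsWith(PREFIX_C3P0)` and `full.endsWith("DataSource")`, whereas the Spring branch just above walks `cls.getSuperclass()` up to Object; a class in another package that extends one of these c3p0 data sources therefore passes validateSubType even though it inherits the same setters. Apply the same superclass walk to the c3p0 branch, checking `cls.getName()` for each class in the chain against the prefix and suffix. The comment block also mixes commented-out `s.add(...)` calls with bare class names for the same purpose; list the four blocked names uniformly.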
    
  • src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java (+11 −9, modified)
    @@ -10,6 +10,8 @@
     import com.fasterxml.jackson.databind.*;
     import com.fasterxml.jackson.databind.exc.InvalidDefinitionException;
     
    +import com.mchange.v2.c3p0.jacksontest.ComboPooledDataSource;
    +
     /**
      * Test case(s) to guard against handling of types that are illegal to handle
      * due to security constraints.
    @@ -38,7 +40,7 @@ static class Authentication1872 {
          */
     
         private final ObjectMapper MAPPER = objectMapper();
    -    
    +
         // // // Tests for [databind#1599]
     
         public void testXalanTypes1599() throws Exception
    @@ -86,34 +88,34 @@ public void testJDKTypes1855() throws Exception
     
         // 17-Aug-2017, tatu: Ideally would test handling of 3rd party types, too,
         //    but would require adding dependencies. This may be practical when
    -    //    checking done by module, but for now let's not do that for databind.
    +    //    checking done by separate module, but for now let's not do that for databind.
     
         /*
         public void testSpringTypes1737() throws Exception
         {
             _testIllegalType("org.springframework.aop.support.AbstractBeanFactoryPointcutAdvisor");
             _testIllegalType("org.springframework.beans.factory.config.PropertyPathFactoryBean");
         }
    -
    -    public void testC3P0Types1737() throws Exception
    -    {
    -        _testTypes1737("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
    -        _testTypes1737("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
    -    }
         */
     
         // // // Tests for [databind#1872]
         public void testJDKTypes1872() throws Exception
         {
             ObjectMapper mapper = new ObjectMapper();
             mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
    -    
    +
             String json = aposToQuotes(String.format("{'@class':'%s','authorities':['java.util.ArrayList',[]]}",
                     Authentication1872.class.getName()));
             Authentication1872 result = mapper.readValue(json, Authentication1872.class);
             assertNotNull(result);
         }
     
    +    // [databind#1931]
    +    public void testC3P0Types() throws Exception
    +    {
    +        _testIllegalType(ComboPooledDataSource.class); // [databind#1931]
    +    }
    +
         private void _testIllegalType(Class<?> nasty) throws Exception {
             _testIllegalType(nasty.getName());
         }
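Review bot: testC3P0Types exercises a single stub name, so the two classes this change removes from the explicit set, com.mchange.v2.c3p0.JndiRefForwardingDataSource and com.mchange.v2.c3p0.WrapperConnectionPoolDataSource, now depend on the suffix rule with no test covering them, and neither does the debug.AfterCloseLoggingComboPooledDataSource name listed in the SubTypeValidator comment. Add a stub per name, as done for ComboPooledDataSource, plus a negative case for a c3p0 interface, since the `raw.isInterface()` exemption is also untested. Dropping the commented-out testC3P0Types1737 block is fine; it was never compiled.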
    
  • src/test/java/com/mchange/v2/c3p0/jacksontest/ComboPooledDataSource.java (+6 −0, added)
    @@ -0,0 +1,6 @@
    +package com.mchange.v2.c3p0.jacksontest;
    +
    +// test class for [databind#1931]
    +public class ComboPooledDataSource {
    +
    +}
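Review bot: the stub lives in `com.mchange.v2.c3p0.jacksontest`, a subpackage that does not exist in c3p0, so the test proves that the prefix-plus-suffix rule fires for a made-up name rather than that the real gadget `com.mchange.v2.c3p0.ComboPooledDataSource` (the name in the SubTypeValidator comment) is rejected. Name the test-scope stub exactly as the real class, or add a second stub with the real name, so the test fails if PREFIX_C3P0 is ever narrowed below the real package. A one-line comment explaining why a stub is used instead of a c3p0 test dependency (validateSubType works on the resolved `type.getRawClass()`, so the class must be loadable for the check to run) would also help the next maintainer.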
    
c921f0935d5e

Merge branch '2.7' into 2.8

https://github.com/FasterXML/jackson-databind · Tatu Saloranta · Feb 11, 2018 · via GHSA
4 files changed · +41 −14
  • release-notes/VERSION (+1 −0, modified)
    @@ -10,6 +10,7 @@ Project: jackson-databind
      (reported by Rob W)
     #1899: Another two gadgets to exploit default typing issue in jackson-databind
      (reported by OneSourceCat@github)
    +#1931: Two more `c3p0` gadgets to exploit default typing issue
     
     2.8.11 (24-Dec-2017)
     
    
  • src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java (+21 −5, modified)
    @@ -18,7 +18,10 @@
      */
     public class SubTypeValidator
     {
    -    protected final static String PREFIX_STRING = "org.springframework.";
    +    protected final static String PREFIX_SPRING = "org.springframework.";
    +
    +    protected final static String PREFIX_C3P0 = "com.mchange.v2.c3p0.";
    +
         /**
          * Set of well-known "nasty classes", deserialization of which is considered dangerous
          * and should (and is) prevented by default.
    @@ -45,8 +48,9 @@ public class SubTypeValidator
             // [databind#1737]; 3rd party
     //s.add("org.springframework.aop.support.AbstractBeanFactoryPointcutAdvisor"); // deprecated by [databind#1855]
             s.add("org.springframework.beans.factory.config.PropertyPathFactoryBean");
    -        s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
    -        s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
    +
    +// s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource"); // deprecated by [databind#1931]
    +// s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource"); // - "" -
             // [databind#1855]: more 3rd party
             s.add("org.apache.tomcat.dbcp.dbcp2.BasicDataSource");
             s.add("com.sun.org.apache.bcel.internal.util.ClassLoader");
    @@ -84,8 +88,10 @@ public void validateSubType(DeserializationContext ctxt, JavaType type) throws J
                 // 18-Dec-2017, tatu: As per [databind#1855], need bit more sophisticated handling
                 //    for some Spring framework types
                 // 05-Jan-2017, tatu: ... also, only applies to classes, not interfaces
    -            if (!raw.isInterface() && full.startsWith(PREFIX_STRING)) {
    -                for (Class<?> cls = raw; (cls != null) && (cls != Object.class); cls = cls.getSuperclass()) {
    +            if (raw.isInterface()) {
    +                ;
    +            } else if (full.startsWith(PREFIX_SPRING)) {
    +                for (Class<?> cls = raw; (cls != null) && (cls != Object.class); cls = cls.getSuperclass()){
                         String name = cls.getSimpleName();
                         // looking for "AbstractBeanFactoryPointcutAdvisor" but no point to allow any is there?
                         if ("AbstractPointcutAdvisor".equals(name)
    @@ -94,6 +100,16 @@ public void validateSubType(DeserializationContext ctxt, JavaType type) throws J
                             break main_check;
                         }
                     }
    +            } else if (full.startsWith(PREFIX_C3P0)) {
    +                // [databind#1737]; more 3rd party
    +                // s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
    +                // s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
    +                // [databind#1931]; more 3rd party
    +                // com.mchange.v2.c3p0.ComboPooledDataSource
    +                // com.mchange.v2.c3p0.debug.AfterCloseLoggingComboPooledDataSource 
    +                if (full.endsWith("DataSource")) {
    +                    break main_check;
    +                }
                 }
                 return;
             } while (false);
    
  • src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java (+13 −9, modified)
    @@ -8,6 +8,10 @@
     
     import com.fasterxml.jackson.annotation.JsonTypeInfo;
     import com.fasterxml.jackson.databind.*;
    +import com.mchange.v2.c3p0.jacksontest.ComboPooledDataSource;
    +
    +import java.util.ArrayList;
    +import java.util.List;
     
     /**
      * Test case(s) to guard against handling of types that are illegal to handle
    @@ -37,7 +41,7 @@ static class Authentication1872 {
          */
     
         private final ObjectMapper MAPPER = objectMapper();
    -    
    +
         // // // Tests for [databind#1599]
     
         public void testXalanTypes1599() throws Exception
    @@ -85,34 +89,34 @@ public void testJDKTypes1855() throws Exception
     
         // 17-Aug-2017, tatu: Ideally would test handling of 3rd party types, too,
         //    but would require adding dependencies. This may be practical when
    -    //    checking done by module, but for now let's not do that for databind.
    +    //    checking done by separate module, but for now let's not do that for databind.
     
         /*
         public void testSpringTypes1737() throws Exception
         {
             _testIllegalType("org.springframework.aop.support.AbstractBeanFactoryPointcutAdvisor");
             _testIllegalType("org.springframework.beans.factory.config.PropertyPathFactoryBean");
         }
    -
    -    public void testC3P0Types1737() throws Exception
    -    {
    -        _testTypes1737("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
    -        _testTypes1737("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
    -    }
         */
     
         // // // Tests for [databind#1872]
         public void testJDKTypes1872() throws Exception
         {
             ObjectMapper mapper = new ObjectMapper();
             mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
    -    
    +
             String json = aposToQuotes(String.format("{'@class':'%s','authorities':['java.util.ArrayList',[]]}",
                     Authentication1872.class.getName()));
             Authentication1872 result = mapper.readValue(json, Authentication1872.class);
             assertNotNull(result);
         }
     
    +    // [databind#1931]
    +    public void testC3P0Types() throws Exception
    +    {
    +        _testIllegalType(ComboPooledDataSource.class); // [databind#1931]
    +    }
    +
         private void _testIllegalType(Class<?> nasty) throws Exception {
             _testIllegalType(nasty.getName());
         }
    
  • src/test/java/com/mchange/v2/c3p0/jacksontest/ComboPooledDataSource.java (+6 −0, added)
    @@ -0,0 +1,6 @@
    +package com.mchange.v2.c3p0.jacksontest;
    +
    +// test class for [databind#1931]
    +public class ComboPooledDataSource {
    +
    +}
    
6799f8f10cc7

Fix #1931

https://github.com/FasterXML/jackson-databind · Tatu Saloranta · Feb 11, 2018 · via GHSA
4 files changed · +38 −12
  • release-notes/VERSION (+1 −0, modified)
    @@ -9,6 +9,7 @@ Project: jackson-databind
     #1872 `NullPointerException` in `SubTypeValidator.validateSubType` when
       validating Spring interface
      (reported by Rob W)
    +#1931: Two more `c3p0` gadgets to exploit default typing issue
     
     2.7.9.2 (20-Dec-2017)
     
    
  • src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java (+21 −4, modified)
    @@ -18,7 +18,10 @@
      */
     public class SubTypeValidator
     {
    -    protected final static String PREFIX_STRING = "org.springframework.";
    +    protected final static String PREFIX_SPRING = "org.springframework.";
    +
    +    protected final static String PREFIX_C3P0 = "com.mchange.v2.c3p0.";
    +
         /**
          * Set of well-known "nasty classes", deserialization of which is considered dangerous
          * and should (and is) prevented by default.
    @@ -45,11 +48,13 @@ public class SubTypeValidator
             // [databind#1737]; 3rd party
     //s.add("org.springframework.aop.support.AbstractBeanFactoryPointcutAdvisor"); // deprecated by [databind#1855]
             s.add("org.springframework.beans.factory.config.PropertyPathFactoryBean");
    -        s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
    -        s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
    +
    +// s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource"); // deprecated by [databind#1931]
    +// s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource"); // - "" -
             // [databind#1855]: more 3rd party
             s.add("org.apache.tomcat.dbcp.dbcp2.BasicDataSource");
             s.add("com.sun.org.apache.bcel.internal.util.ClassLoader");
    +
             DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
         }
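Review bot: the added blank line before `DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);` is an unrelated whitespace change inside a security fix that is then merged forward into 2.8 and 2.9; keep the hunk to the two entries being retired (and preferably delete those rather than comment them out) so the diff reads the same way on every branch and a later bisect over the denylist history stays easy to follow.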
     
    @@ -80,7 +85,9 @@ public void validateSubType(DeserializationContext ctxt, JavaType type) throws J
                 // 18-Dec-2017, tatu: As per [databind#1855], need bit more sophisticated handling
                 //    for some Spring framework types
                 // 05-Jan-2017, tatu: ... also, only applies to classes, not interfaces
    -            if (!raw.isInterface() && full.startsWith(PREFIX_STRING)) {
    +            if (raw.isInterface()) {
    +                ;
    +            } else if (full.startsWith(PREFIX_SPRING)) {
                     for (Class<?> cls = raw; (cls != null) && (cls != Object.class); cls = cls.getSuperclass()){
                         String name = cls.getSimpleName();
                         // looking for "AbstractBeanFactoryPointcutAdvisor" but no point to allow any is there?
    @@ -90,6 +97,16 @@ public void validateSubType(DeserializationContext ctxt, JavaType type) throws J
                             break main_check;
                         }
                     }
    +            } else if (full.startsWith(PREFIX_C3P0)) {
    +                // [databind#1737]; more 3rd party
    +                // s.add("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
    +                // s.add("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
    +                // [databind#1931]; more 3rd party
    +                // com.mchange.v2.c3p0.ComboPooledDataSource
    +                // com.mchange.v2.c3p0.debug.AfterCloseLoggingComboPooledDataSource 
    +                if (full.endsWith("DataSource")) {
    +                    break main_check;
    +                }
                 }
                 return;
             } while (false);
    
  • src/test/java/com/fasterxml/jackson/databind/interop/IllegalTypesCheckTest.java (+10 −8, modified)
    @@ -6,6 +6,7 @@
     
     import com.fasterxml.jackson.annotation.JsonTypeInfo;
     import com.fasterxml.jackson.databind.*;
    +import com.mchange.v2.c3p0.jacksontest.ComboPooledDataSource;
     
     import java.util.ArrayList;
     import java.util.List;
    @@ -86,23 +87,17 @@ public void testJDKTypes1855() throws Exception
     
         // 17-Aug-2017, tatu: Ideally would test handling of 3rd party types, too,
         //    but would require adding dependencies. This may be practical when
    -    //    checking done by module, but for now let's not do that for databind.
    +    //    checking done by separate module, but for now let's not do that for databind.
     
         /*
         public void testSpringTypes1737() throws Exception
         {
             _testIllegalType("org.springframework.aop.support.AbstractBeanFactoryPointcutAdvisor");
             _testIllegalType("org.springframework.beans.factory.config.PropertyPathFactoryBean");
         }
    -
    -    public void testC3P0Types1737() throws Exception
    -    {
    -        _testIllegalType("com.mchange.v2.c3p0.JndiRefForwardingDataSource");
    -        _testIllegalType("com.mchange.v2.c3p0.WrapperConnectionPoolDataSource");
    -    }
         */
     
    -        // // // Tests for [databind#1872]
    +    // // // Tests for [databind#1872]
         public void testJDKTypes1872() throws Exception
         {
             ObjectMapper mapper = new ObjectMapper();
    @@ -113,6 +108,13 @@ public void testJDKTypes1872() throws Exception
             Authentication1872 result = mapper.readValue(json, Authentication1872.class);
             assertNotNull(result);
         }
    +
    +    // [databind#1931]
    +    public void testC3P0Types() throws Exception
    +    {
    +        _testIllegalType(ComboPooledDataSource.class); // [databind#1931]
    +    }
    +
         private void _testIllegalType(Class<?> nasty) throws Exception {
             _testIllegalType(nasty.getName());
         }
    
  • src/test/java/com/mchange/v2/c3p0/jacksontest/ComboPooledDataSource.java (+6 −0, added)
    @@ -0,0 +1,6 @@
    +package com.mchange.v2.c3p0.jacksontest;
    +
    +// test class for [databind#1931]
    +public class ComboPooledDataSource {
    +
    +}
    

