Critical severityNVD Advisory· Published Sep 15, 2019· Updated Aug 5, 2024
CVE-2019-14540
CVE-2019-14540
Description
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.fasterxml.jackson.core:jackson-databindMaven | >= 2.9.0, < 2.9.10 | 2.9.10 |
com.fasterxml.jackson.core:jackson-databindMaven | >= 2.7.0, < 2.8.11.5 | 2.8.11.5 |
com.fasterxml.jackson.core:jackson-databindMaven | < 2.6.7.3 | 2.6.7.3 |
Affected products
39- FasterXML/jackson-databinddescription
- osv-coords38 versionspkg:apk/chainguard/mysql-8.0pkg:apk/chainguard/mysql-8.0-bitnami-compatpkg:apk/chainguard/mysql-8.0-clientpkg:apk/chainguard/mysql-8.0-devpkg:apk/chainguard/mysql-8.0-iamguarded-compatpkg:apk/chainguard/mysql-8.0-oci-entrypointpkg:apk/chainguard/mysql-8.0-oci-entrypoint-compatpkg:maven/com.fasterxml.jackson.core/jackson-databindpkg:rpm/almalinux/apache-commons-collectionspkg:rpm/almalinux/apache-commons-langpkg:rpm/almalinux/bea-stax-apipkg:rpm/almalinux/glassfish-fastinfosetpkg:rpm/almalinux/glassfish-jaxb-apipkg:rpm/almalinux/glassfish-jaxb-corepkg:rpm/almalinux/glassfish-jaxb-runtimepkg:rpm/almalinux/glassfish-jaxb-txw2pkg:rpm/almalinux/jackson-annotationspkg:rpm/almalinux/jackson-corepkg:rpm/almalinux/jackson-databindpkg:rpm/almalinux/jackson-jaxrs-json-providerpkg:rpm/almalinux/jackson-jaxrs-providerspkg:rpm/almalinux/jackson-module-jaxb-annotationspkg:rpm/almalinux/jakarta-commons-httpclientpkg:rpm/almalinux/javassistpkg:rpm/almalinux/javassist-javadocpkg:rpm/almalinux/python3-nsspkg:rpm/almalinux/python-nss-docpkg:rpm/almalinux/relaxngDatatypepkg:rpm/almalinux/slf4jpkg:rpm/almalinux/slf4j-jdk14pkg:rpm/almalinux/stax-expkg:rpm/almalinux/velocitypkg:rpm/almalinux/xalan-j2pkg:rpm/almalinux/xerces-j2pkg:rpm/almalinux/xml-commons-apispkg:rpm/almalinux/xml-commons-resolverpkg:rpm/almalinux/xmlstreambufferpkg:rpm/almalinux/xsom
< 8.0.38-r0+ 37 more
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: < 8.0.38-r0
- (no CPE)range: >= 2.9.0, < 2.9.10
- (no CPE)range: < 3.2.2-10.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.6-21.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 1.2.0-16.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 1.2.13-9.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.2.12-8.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.2.11-11.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.2.11-11.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.2.11-11.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.10.0-1.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.10.0-1.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.10.0-1.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.9.9-1.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.9.9-1.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.7.6-4.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 1:3.1-28.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 3.18.1-8.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 3.18.1-8.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 1.0.1-10.module_el8.5.0+2577+9e95fe00.alma
- (no CPE)range: < 1.0.1-10.module_el8.5.0+2577+9e95fe00.alma
- (no CPE)range: < 2011.1-7.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 1.7.25-4.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 1.7.25-4.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 1.7.7-8.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 1.7-24.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.7.1-38.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 2.11.0-34.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 1.4.01-25.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 1.2-26.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 1.5.4-8.module_el8.5.0+2577+9e95fe00
- (no CPE)range: < 0-19.20110809svn.module_el8.5.0+2577+9e95fe00
Patches
Vulnerability mechanics
References
57- access.redhat.com/errata/RHSA-2019:3200ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0159ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0160ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0161ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0164ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0445ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-h822-r4r5-v8jgghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2019-14540ghsaADVISORY
- www.debian.org/security/2019/dsa-4542ghsavendor-advisoryx_refsource_DEBIANWEB
- github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.xghsax_refsource_CONFIRMWEB
- github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3dbghsaWEB
- github.com/FasterXML/jackson-databind/commit/d4983c740fec7d5576b207a8c30a63d3ea7443deghsaWEB
- github.com/FasterXML/jackson-databind/issues/2410ghsax_refsource_MISCWEB
- github.com/FasterXML/jackson-databind/issues/2449ghsax_refsource_MISCWEB
- lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3EghsaWEB
- lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1%40%3Cissues.hbase.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3EghsaWEB
- lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3EghsaWEB
- lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016%40%3Cissues.hbase.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3EghsaWEB
- lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6%40%3Cnotifications.zookeeper.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3EghsaWEB
- lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9%40%3Cissues.hbase.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3EghsaWEB
- lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3EghsaWEB
- lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3EghsaWEB
- lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0%40%3Cissues.hbase.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3EghsaWEB
- lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb%40%3Ccommits.hbase.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3EghsaWEB
- lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540@%3Ccommits.nifi.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3EghsaWEB
- lists.debian.org/debian-lts-announce/2019/10/msg00001.htmlghsamailing-listx_refsource_MLISTWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJTghsaWEB
- seclists.org/bugtraq/2019/Oct/6ghsamailing-listx_refsource_BUGTRAQWEB
- security.netapp.com/advisory/ntap-20191004-0002ghsaWEB
- security.netapp.com/advisory/ntap-20191004-0002/mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpuapr2020.htmlghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpujan2020.htmlghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpujul2020.htmlghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpuoct2020.htmlghsax_refsource_MISCWEB
- www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.