USN-4813-1
- Source
- https://ubuntu.com/security/notices/USN-4813-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4813-1.json
- Related
-
- CVE-2018-11307
- CVE-2018-12022
- CVE-2018-12023
- CVE-2018-14718
- CVE-2018-14719
- CVE-2018-14720
- CVE-2018-14721
- CVE-2018-19360
- CVE-2018-19361
- CVE-2018-19362
- CVE-2019-12086
- CVE-2019-12384
- CVE-2019-12814
- CVE-2019-14379
- CVE-2019-14439
- CVE-2019-14540
- CVE-2019-16335
- CVE-2019-16942
- CVE-2019-16943
- CVE-2019-17267
- CVE-2019-17531
- CVE-2019-20330
- CVE-2020-10672
- CVE-2020-10673
- CVE-2020-10968
- CVE-2020-10969
- CVE-2020-11111
- CVE-2020-11112
- CVE-2020-11113
- CVE-2020-11619
- CVE-2020-11620
- CVE-2020-14060
- CVE-2020-14061
- CVE-2020-14062
- CVE-2020-14195
- CVE-2020-8840
- CVE-2020-9546
- CVE-2020-9547
- CVE-2020-9548
- Published
- 2021-03-15T21:47:52.369205Z
- Modified
- 2021-03-15T21:47:52.369205Z
- Summary
- jackson-databind vulnerabilities
- Details
-
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2018-11307, CVE-2019-12086, CVE-2019-12814)
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. (CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2019-12384, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548)
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute XML entity (XXE) attacks. (CVE-2018-14720)
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute server-side request forgery (SSRF). (CVE-2018-14721)
- References
-
- https://ubuntu.com/security/notices/USN-4813-1
- https://ubuntu.com/security/CVE-2018-11307
- https://ubuntu.com/security/CVE-2018-12022
- https://ubuntu.com/security/CVE-2018-12023
- https://ubuntu.com/security/CVE-2018-14718
- https://ubuntu.com/security/CVE-2018-14719
- https://ubuntu.com/security/CVE-2018-14720
- https://ubuntu.com/security/CVE-2018-14721
- https://ubuntu.com/security/CVE-2018-19360
- https://ubuntu.com/security/CVE-2018-19361
- https://ubuntu.com/security/CVE-2018-19362
- https://ubuntu.com/security/CVE-2019-12086
- https://ubuntu.com/security/CVE-2019-12384
- https://ubuntu.com/security/CVE-2019-12814
- https://ubuntu.com/security/CVE-2019-14379
- https://ubuntu.com/security/CVE-2019-14439
- https://ubuntu.com/security/CVE-2019-14540
- https://ubuntu.com/security/CVE-2019-16335
- https://ubuntu.com/security/CVE-2019-16942
- https://ubuntu.com/security/CVE-2019-16943
- https://ubuntu.com/security/CVE-2019-17267
- https://ubuntu.com/security/CVE-2019-17531
- https://ubuntu.com/security/CVE-2019-20330
- https://ubuntu.com/security/CVE-2020-10672
- https://ubuntu.com/security/CVE-2020-10673
- https://ubuntu.com/security/CVE-2020-10968
- https://ubuntu.com/security/CVE-2020-10969
- https://ubuntu.com/security/CVE-2020-11111
- https://ubuntu.com/security/CVE-2020-11112
- https://ubuntu.com/security/CVE-2020-11113
- https://ubuntu.com/security/CVE-2020-11619
- https://ubuntu.com/security/CVE-2020-11620
- https://ubuntu.com/security/CVE-2020-14060
- https://ubuntu.com/security/CVE-2020-14061
- https://ubuntu.com/security/CVE-2020-14062
- https://ubuntu.com/security/CVE-2020-14195
- https://ubuntu.com/security/CVE-2020-8840
- https://ubuntu.com/security/CVE-2020-9546
- https://ubuntu.com/security/CVE-2020-9547
- https://ubuntu.com/security/CVE-2020-9548