Description

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

Remediation

References

CVE-2019-14379

Related Vulnerabilities

WordPress 3.7.x PHP Object Injection (3.7 - 3.7.35)

MySQL Other Vulnerability (CVE-2006-4226)

WordPress Plugin Frontend Uploader Cross-Site Scripting (0.9.2)

WordPress Plugin Rise Blocks-A Complete Gutenberg Page Builder Unspecified Vulnerability (1.0.0)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-1551)

Severity

Critical

Classification

CVE-2019-14379 CWE-915 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities