Skip to content
This repository has been archived by the owner on May 31, 2023. It is now read-only.

CVE-2018-12023 High Severity Vulnerability detected by WhiteSource #25

Closed
mend-bolt-for-github bot opened this issue Jan 28, 2019 · 2 comments
Closed

CVE-2018-12023 High Severity Vulnerability detected by WhiteSource #25

mend-bolt-for-github bot opened this issue Jan 28, 2019 · 2 comments
Labels
security vulnerability Security vulnerability detected by WhiteSource

Comments

@mend-bolt-for-github
Copy link
Contributor

CVE-2018-12023 - High Severity Vulnerability

Vulnerable Library - jackson-databind-2.8.9.jar

General data-binding functionality for Jackson: works on core streaming API

path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.9/jackson-databind-2.8.9.jar

Library home page: http://github.com/FasterXML/jackson

Dependency Hierarchy:

  • logstash-logback-encoder-4.11.jar (Root Library)
    • jackson-databind-2.8.9.jar (Vulnerable Library)

Found in HEAD commit: ce7bfe45618f12413313c4cdaaaa5c63b857642d

Vulnerability Details

jackson-databind has a potential remote code execution (RCE) vulnerability. in versions 2.7.9.x. 2.8.x < 2.8.11.2. and version 2.9.4--2.9.5.

Publish Date: 2018-12-13

URL: CVE-2018-12023

CVSS 2 Score Details (7.6)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: FasterXML/jackson-databind@7487cf7

Release Date: 2018-06-01

Fix Resolution: Replace or update the following file: SubTypeValidator.java

Step up your Open Source Security Game with WhiteSource here
@mend-bolt-for-github mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jan 28, 2019
This was referenced Mar 1, 2019
Merged
Closed
Closed
@AveryRegier AveryRegier added the duplicate This issue or pull request already exists label Mar 1, 2019
@AveryRegier
Copy link
Contributor

Duplicate of #25

@AveryRegier AveryRegier marked this as a duplicate of #25 Mar 1, 2019
@AveryRegier
Copy link
Contributor

Oops. this is #25.

@AveryRegier AveryRegier reopened this Mar 1, 2019
@AveryRegier AveryRegier removed the duplicate This issue or pull request already exists label Mar 1, 2019
This was referenced Mar 1, 2019
Closed
Closed
Closed
Closed
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
security vulnerability Security vulnerability detected by WhiteSource
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@AveryRegier