Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-12814 (GCVE-0-2019-12814)
Vulnerability from cvelistv5 – Published: 2019-06-19 13:24 – Updated: 2025-08-27 20:30
VLAI
EPSS
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
55 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
},
{
"name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
},
{
"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "FEDORA-2019-99ff6aa32c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
},
{
"name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "FEDORA-2019-ae6a703b8f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
},
{
"name": "FEDORA-2019-fb23eccc03",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
},
{
"name": "RHSA-2019:2858",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:2937",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2937"
},
{
"name": "RHSA-2019:2935",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2935"
},
{
"name": "RHSA-2019:2936",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2936"
},
{
"name": "RHSA-2019:2938",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2938"
},
{
"name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"
},
{
"name": "RHSA-2019:3044",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3044"
},
{
"name": "RHSA-2019:3045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3045"
},
{
"name": "RHSA-2019:3050",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3050"
},
{
"name": "RHSA-2019:3046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3046"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3149",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"name": "RHSA-2019:3292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3292"
},
{
"name": "RHSA-2019:3297",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3297"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2341"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-12814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T20:29:53.410352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:30:34.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:14:57.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
},
{
"name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
},
{
"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
},
{
"name": "FEDORA-2019-99ff6aa32c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
},
{
"name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "FEDORA-2019-ae6a703b8f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
},
{
"name": "FEDORA-2019-fb23eccc03",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
},
{
"name": "RHSA-2019:2858",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:2937",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2937"
},
{
"name": "RHSA-2019:2935",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2935"
},
{
"name": "RHSA-2019:2936",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2936"
},
{
"name": "RHSA-2019:2938",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2938"
},
{
"name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"
},
{
"name": "RHSA-2019:3044",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3044"
},
{
"name": "RHSA-2019:3045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3045"
},
{
"name": "RHSA-2019:3050",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3050"
},
{
"name": "RHSA-2019:3046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3046"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3149",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"name": "RHSA-2019:3292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3292"
},
{
"name": "RHSA-2019:3297",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3297"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2341"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
},
{
"name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"
},
{
"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E"
},
{
"name": "FEDORA-2019-99ff6aa32c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
},
{
"name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "FEDORA-2019-ae6a703b8f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
},
{
"name": "FEDORA-2019-fb23eccc03",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
},
{
"name": "RHSA-2019:2858",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:2937",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2937"
},
{
"name": "RHSA-2019:2935",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2935"
},
{
"name": "RHSA-2019:2936",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2936"
},
{
"name": "RHSA-2019:2938",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2938"
},
{
"name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E"
},
{
"name": "RHSA-2019:3044",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3044"
},
{
"name": "RHSA-2019:3045",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3045"
},
{
"name": "RHSA-2019:3050",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3050"
},
{
"name": "RHSA-2019:3046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3046"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3149",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3200",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"name": "RHSA-2019:3292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3292"
},
{
"name": "RHSA-2019:3297",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3297"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2341",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/2341"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190625-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12814",
"datePublished": "2019-06-19T13:24:44.000Z",
"dateReserved": "2019-06-13T00:00:00.000Z",
"dateUpdated": "2025-08-27T20:30:34.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-12814",
"date": "2026-06-04",
"epss": "0.18064",
"percentile": "0.95294"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-12814\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-19T14:15:10.897\",\"lastModified\":\"2025-08-27T21:15:34.630\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema de tipificaci\u00f3n polim\u00f3rfica en FasterXML jackson-databind 2.x hasta la 2.9.9. Cuando la escritura predeterminada est\u00e1 habilitada (ya sea globalmente o para una propiedad espec\u00edfica) para un dispositivo remoto JSON expuesto externamente y el servicio cuenta con el JDOM 1.x or 2.x jar en el classpath, un atacante puede enviar un mensaje JSON espec\u00edficamente dise\u00f1ado que les permite leer archivos locales arbitrarios en el servidor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.6.7.3\",\"matchCriteriaId\":\"7036DA13-110D-40B3-8494-E361BBF4AFCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.9.6\",\"matchCriteriaId\":\"89660FC3-9198-414C-B89D-C61A4438BA3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8.0\",\"versionEndExcluding\":\"2.8.11.4\",\"matchCriteriaId\":\"5DB8A2D4-0FDE-4216-896B-52824106B97B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.9.2\",\"matchCriteriaId\":\"04641592-DAF4-47BB-A9DE-FC4C84A20401\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2858\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2935\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2936\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2937\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2938\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3044\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3045\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3046\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3050\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3149\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3200\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3292\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3297\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2341\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190625-0006/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2936\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2938\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3044\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3200\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3297\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2341\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190625-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html\", \"name\": \"[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E\", \"name\": \"[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E\", \"name\": \"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/\", \"name\": \"FEDORA-2019-99ff6aa32c\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E\", \"name\": \"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/\", \"name\": \"FEDORA-2019-ae6a703b8f\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/\", \"name\": \"FEDORA-2019-fb23eccc03\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2858\", \"name\": \"RHSA-2019:2858\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2937\", \"name\": \"RHSA-2019:2937\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2935\", \"name\": \"RHSA-2019:2935\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2936\", \"name\": \"RHSA-2019:2936\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2938\", \"name\": \"RHSA-2019:2938\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E\", \"name\": \"[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3044\", \"name\": \"RHSA-2019:3044\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3045\", \"name\": \"RHSA-2019:3045\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3050\", \"name\": \"RHSA-2019:3050\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3046\", \"name\": \"RHSA-2019:3046\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"name\": \"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3149\", \"name\": \"RHSA-2019:3149\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"name\": \"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"name\": \"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3200\", \"name\": \"RHSA-2019:3200\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3292\", \"name\": \"RHSA-2019:3292\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3297\", \"name\": \"RHSA-2019:3297\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\", \"name\": \"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\", \"name\": \"[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2341\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190625-0006/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T23:32:55.182Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-12814\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-27T20:29:53.410352Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-27T20:30:04.843Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html\", \"name\": \"[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E\", \"name\": \"[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E\", \"name\": \"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/\", \"name\": \"FEDORA-2019-99ff6aa32c\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E\", \"name\": \"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/\", \"name\": \"FEDORA-2019-ae6a703b8f\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/\", \"name\": \"FEDORA-2019-fb23eccc03\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2858\", \"name\": \"RHSA-2019:2858\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2937\", \"name\": \"RHSA-2019:2937\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2935\", \"name\": \"RHSA-2019:2935\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2936\", \"name\": \"RHSA-2019:2936\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2938\", \"name\": \"RHSA-2019:2938\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E\", \"name\": \"[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3044\", \"name\": \"RHSA-2019:3044\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3045\", \"name\": \"RHSA-2019:3045\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3050\", \"name\": \"RHSA-2019:3050\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3046\", \"name\": \"RHSA-2019:3046\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\", \"name\": \"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3149\", \"name\": \"RHSA-2019:3149\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\", \"name\": \"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\", \"name\": \"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3200\", \"name\": \"RHSA-2019:3200\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3292\", \"name\": \"RHSA-2019:3292\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3297\", \"name\": \"RHSA-2019:3297\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E\", \"name\": \"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E\", \"name\": \"[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2341\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190625-0006/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2020-10-20T21:14:57.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html\", \"name\": \"[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E\", \"name\": \"[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E\", \"name\": \"[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E\", \"name\": \"[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E\", \"name\": \"[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/\", \"name\": \"FEDORA-2019-99ff6aa32c\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E\", \"name\": \"[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/\", \"name\": \"FEDORA-2019-ae6a703b8f\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/\", \"name\": \"FEDORA-2019-fb23eccc03\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2858\", \"name\": \"RHSA-2019:2858\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2937\", \"name\": \"RHSA-2019:2937\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2935\", \"name\": \"RHSA-2019:2935\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2936\", \"name\": \"RHSA-2019:2936\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2938\", \"name\": \"RHSA-2019:2938\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E\", \"name\": \"[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix\", \"refsource\": \"MLIST\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3044\", \"name\": \"RHSA-2019:3044\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3045\", \"name\": \"RHSA-2019:3045\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3050\", \"name\": \"RHSA-2019:3050\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3046\", \"name\": \"RHSA-2019:3046\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E\", \"name\": \"[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities\", \"refsource\": \"MLIST\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3149\", \"name\": \"RHSA-2019:3149\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E\", \"name\": \"[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E\", \"name\": \"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities\", \"refsource\": \"MLIST\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3200\", \"name\": \"RHSA-2019:3200\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3292\", \"name\": \"RHSA-2019:3292\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3297\", \"name\": \"RHSA-2019:3297\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E\", \"name\": \"[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E\", \"name\": \"[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/2341\", \"name\": \"https://github.com/FasterXML/jackson-databind/issues/2341\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190625-0006/\", \"name\": \"https://security.netapp.com/advisory/ntap-20190625-0006/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-12814\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2019-12814\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-27T20:30:34.890Z\", \"dateReserved\": \"2019-06-13T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2019-06-19T13:24:44.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Title
Уязвимость библиотеки Jackson-databind, связанная с отсутствием защиты служебных данных, позволяющая нарушителю читать произвольные файлы на сервере
Description
Уязвимость библиотеки Jackson-databind связана с отсутствием защиты служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, читать произвольные файлы на сервере в результате отправки специально созданного JSON-сообщения
Severity
Vendor
Canonical Ltd., Сообщество свободного программного обеспечения, Fedora Project, Red Hat Inc., Oracle Corp., FasterXML, LLC, АО «Концерн ВНИИНС»
Software Name
Ubuntu, Debian GNU/Linux, Fedora, Red Hat Enterprise Linux, Red Hat JBoss Fuse, Database Server, Clusterware, Jackson-databind, Retail Customer Management and Segmentation Foundation, NoSQL Database, Red Hat Process Automation Manager, Red Hat AMQ Streams, JBoss Enterprise Application Platform, Red Hat Single Sign-On, Red Hat Descision Manager, Red Hat JBoss EAP, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 29 (Fedora), 8 (Red Hat Enterprise Linux), 7 (Red Hat JBoss Fuse), 12.1.0.2 (Database Server), 12.2.0.1 (Database Server), 18c (Database Server), 19c (Database Server), 30 (Fedora), 12.1.0.2.0 (Clusterware), от 2.0.0 до 2.9.9 (Jackson-databind), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 31 (Fedora), 17.0 (Retail Customer Management and Segmentation Foundation), 19.0.0.0.0 (Clusterware), до 19.3.12 (NoSQL Database), 19.10 (Ubuntu), 7 (Red Hat Process Automation Manager), 6 (Red Hat JBoss Fuse), 1 (Red Hat AMQ Streams), 7.2 for RHEL 6 (JBoss Enterprise Application Platform), 7.2 for RHEL 7 (JBoss Enterprise Application Platform), 7.2 for RHEL 8 (JBoss Enterprise Application Platform), 7.3 (Red Hat Single Sign-On), 7 (Red Hat Descision Manager), 7.2 (Red Hat JBoss EAP), 20.04 (Ubuntu), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для Jackson-databind:
https://github.com/FasterXML/jackson-databind/issues/2341
Для программных продуктов Oracle:
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/
Для Debian:
https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html
Для программных продуктов Red Hat:
https://access.redhat.com/security/cve/CVE-2019-12814
Для Ubuntu:
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12814.html
Для Astra Linux:
Обновление программного обеспечения (пакета jackson-databind) до 2.8.6-1+deb9u8 или более поздней версии
Для ОС ОН «Стрелец»:
Обновление программного обеспечения jackson-databind до версии 2.8.6-1+deb9u10
Reference
https://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html
https://nvd.nist.gov/vuln/detail/CVE-2019-12814
https://github.com/FasterXML/jackson-databind/issues/2341
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-200, CWE-502
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fedora Project, Red Hat Inc., Oracle Corp., FasterXML, LLC, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 29 (Fedora), 8 (Red Hat Enterprise Linux), 7 (Red Hat JBoss Fuse), 12.1.0.2 (Database Server), 12.2.0.1 (Database Server), 18c (Database Server), 19c (Database Server), 30 (Fedora), 12.1.0.2.0 (Clusterware), \u043e\u0442 2.0.0 \u0434\u043e 2.9.9 (Jackson-databind), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 31 (Fedora), 17.0 (Retail Customer Management and Segmentation Foundation), 19.0.0.0.0 (Clusterware), \u0434\u043e 19.3.12 (NoSQL Database), 19.10 (Ubuntu), 7 (Red Hat Process Automation Manager), 6 (Red Hat JBoss Fuse), 1 (Red Hat AMQ Streams), 7.2 for RHEL 6 (JBoss Enterprise Application Platform), 7.2 for RHEL 7 (JBoss Enterprise Application Platform), 7.2 for RHEL 8 (JBoss Enterprise Application Platform), 7.3 (Red Hat Single Sign-On), 7 (Red Hat Descision Manager), 7.2 (Red Hat JBoss EAP), 20.04 (Ubuntu), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Jackson-databind:\nhttps://github.com/FasterXML/jackson-databind/issues/2341\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle:\nhttps://www.oracle.com/security-alerts/cpujan2020.html\nhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\nhttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/\n\n\u0414\u043b\u044f Debian:\nhttps://lists.debian.org/debian-lts-announce/2019/06/msg00019.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat:\nhttps://access.redhat.com/security/cve/CVE-2019-12814\n\n\u0414\u043b\u044f Ubuntu:\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12814.html\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 jackson-databind) \u0434\u043e 2.8.6-1+deb9u8 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f jackson-databind \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.8.6-1+deb9u10",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.06.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.11.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04251",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-12814",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Fedora, Red Hat Enterprise Linux, Red Hat JBoss Fuse, Database Server, Clusterware, Jackson-databind, Retail Customer Management and Segmentation Foundation, NoSQL Database, Red Hat Process Automation Manager, Red Hat AMQ Streams, JBoss Enterprise Application Platform, Red Hat Single Sign-On, Red Hat Descision Manager, Red Hat JBoss EAP, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Fedora Project Fedora 29 , Red Hat Inc. Red Hat Enterprise Linux 8 , Fedora Project Fedora 30 , Oracle Corp. Clusterware 12.1.0.2.0 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Fedora Project Fedora 31 , Oracle Corp. Clusterware 19.0.0.0.0 , Canonical Ltd. Ubuntu 19.10 , Canonical Ltd. Ubuntu 20.04 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Jackson-databind, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0447\u0438\u0442\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200), \u0412\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-502)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Jackson-databind \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0447\u0438\u0442\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e JSON-\u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12814\nhttps://github.com/FasterXML/jackson-databind/issues/2341\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0423\u0411\u0414, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200, CWE-502",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,9)"
}
CERTFR-2022-AVI-568
Vulnerability from certfr_avis - Published: 2022-06-17 - Updated: 2022-06-17
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113 | ||
| IBM | N/A | IBM Disconnected Log Collector versions 1.x antérieures à 1.7.3 | ||
| IBM | N/A | IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x antérieures à 10.0.0.2 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3 sans le correctif de sécurité 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209 | ||
| IBM | N/A | IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix | ||
| IBM | N/A | IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x antérieures à 4.0.0.2 | ||
| IBM | N/A | IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.5 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Disconnected Log Collector versions 1.x ant\u00e9rieures \u00e0 1.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x ant\u00e9rieures \u00e0 10.0.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.3 sans le correctif de s\u00e9curit\u00e9 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x ant\u00e9rieures \u00e0 4.0.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2014-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
},
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2012-5886",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5886"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2016-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
},
{
"name": "CVE-2016-8735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
},
{
"name": "CVE-2020-8022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
},
{
"name": "CVE-2013-4286",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2012-5885",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5885"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2014-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
},
{
"name": "CVE-2013-4590",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4590"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2019-17195",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2014-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2016-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2016-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
},
{
"name": "CVE-2012-4431",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4431"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2014-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
},
{
"name": "CVE-2013-2185",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2016-6794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2015-5174",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
},
{
"name": "CVE-2021-27568",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
},
{
"name": "CVE-2013-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
},
{
"name": "CVE-2021-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2021-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
},
{
"name": "CVE-2016-6816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
},
{
"name": "CVE-2018-17196",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17196"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2012-3546",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2016-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2013-4322",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4322"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2012-4534",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2014-7810",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2016-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2014-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2013-4444",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4444"
},
{
"name": "CVE-2012-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
},
{
"name": "CVE-2012-5887",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5887"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2017-5647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2015-5345",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5345"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2016-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
},
{
"name": "CVE-2014-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
},
{
"name": "CVE-2012-2733",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2733"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-6796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2022-06-17T00:00:00",
"last_revision_date": "2022-06-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-568",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595755 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595755"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595739 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595739"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595965 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595965"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595721 du 16 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6595721"
}
]
}
CERTFR-2026-AVI-0500
Vulnerability from certfr_avis - Published: 2026-04-27 - Updated: 2026-04-27
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2026-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3449"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2026-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2026-24098",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24098"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2026-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2023-34610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34610"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2026-34486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
},
{
"name": "CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"name": "CVE-2018-1320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2025-54550",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54550"
},
{
"name": "CVE-2025-54920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54920"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-34500",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34500"
},
{
"name": "CVE-2025-9624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9624"
},
{
"name": "CVE-2026-34043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34043"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2025-68470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
},
{
"name": "CVE-2025-67721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2025-66236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66236"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2024-57083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57083"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2024-23953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23953"
},
{
"name": "CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2025-27821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27821"
},
{
"name": "CVE-2022-41404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41404"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2026-34487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
},
{
"name": "CVE-2025-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27555"
},
{
"name": "CVE-2025-65995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65995"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2025-68458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68458"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2026-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-25854",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
},
{
"name": "CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2024-56373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56373"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2025-68157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68157"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2025-68675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68675"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2026-34483",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25219"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-04-27T00:00:00",
"last_revision_date": "2026-04-27T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0500",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405"
},
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404"
}
]
}
CERTFR-2026-AVI-0556
Vulnerability from certfr_avis - Published: 2026-05-11 - Updated: 2026-05-11
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 31.3.x antérieures à 3.13.15 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server For Kubernetes versions antérieures à 1.3.0 | ||
| VMware | Tanzu | Tanzu Data Flow on Kubernetes versions antérieures à 2.1.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.0.x antérieures à 4.0.20 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Backup and Restore versions antérieures à1.33.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Data Copy Utility versions antérieures à 2.9.3 | ||
| VMware | Tanzu | Tanzu for Valkey on Kubernetes versions antérieures à 3.3.4 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions 6.17.x antérieures à 6.17.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum on Kubernetes versions antérieures à 1.1.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Platform Extension Framework versions antérieures à 8.0.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.2.x antérieures à 4.2.6 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Text versions antérieures à 4.0.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server versions antérieures à 2.3.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.3.x antérieures à 4.3.0 | ||
| VMware | Tanzu | Tanzu for Valkey on Kubernetes versions antérieures à 3.4.0 | ||
| VMware | Tanzu Gemfire | Tanzu GemFire versions antérieures à 10.2.3 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Upgrade versions antérieures à 2.0.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplumversions antérieures à 7.8.0 | ||
| VMware | Tanzu Gemfire | Tanzu GemFire Vector Database versions antérieures à 1.2.2 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions antérieures à 6.33.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions 7.7.x antérieures à 7.7.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.1.x antérieures à 4.1.11 | ||
| VMware | Tanzu | Tanzu for MySQL on Kubernetes versions antérieures à 2.0.3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu RabbitMQ on Kubernetes versions 31.3.x ant\u00e9rieures \u00e0 3.13.15",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server For Kubernetes versions ant\u00e9rieures \u00e0 1.3.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Flow on Kubernetes versions ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.0.x ant\u00e9rieures \u00e0 4.0.20",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Backup and Restore versions ant\u00e9rieures \u00e01.33.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Data Copy Utility versions ant\u00e9rieures \u00e0 2.9.3",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for Valkey on Kubernetes versions ant\u00e9rieures \u00e0 3.3.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions 6.17.x ant\u00e9rieures \u00e0 6.17.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum on Kubernetes versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.2.x ant\u00e9rieures \u00e0 4.2.6",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Text versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.3.x ant\u00e9rieures \u00e0 4.3.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for Valkey on Kubernetes versions ant\u00e9rieures \u00e0 3.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": " Tanzu GemFire versions ant\u00e9rieures \u00e0 10.2.3",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Upgrade versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplumversions ant\u00e9rieures \u00e0 7.8.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Vector Database versions ant\u00e9rieures \u00e0 1.2.2",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.33.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions 7.7.x ant\u00e9rieures \u00e0 7.7.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.1.x ant\u00e9rieures \u00e0 4.1.11",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for MySQL on Kubernetes versions ant\u00e9rieures \u00e0 2.0.3\n",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2025-69534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69534"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2025-3264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3264"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2020-26939",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26939"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2026-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4878"
},
{
"name": "CVE-2026-35238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35238"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2026-27205",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27205"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2026-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32990"
},
{
"name": "CVE-2022-30973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30973"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2026-1669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1669"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2021-27906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27906"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2026-34267",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34267"
},
{
"name": "CVE-2023-50386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
},
{
"name": "CVE-2026-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21936"
},
{
"name": "CVE-2026-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21937"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2016-1000341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
},
{
"name": "CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2026-35239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35239"
},
{
"name": "CVE-2026-3497",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3497"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"name": "CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"name": "CVE-2021-36373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2026-0897",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0897"
},
{
"name": "CVE-2025-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5197"
},
{
"name": "CVE-2026-34271",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34271"
},
{
"name": "CVE-2019-10094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10094"
},
{
"name": "CVE-2026-24308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24308"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2026-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3446"
},
{
"name": "CVE-2026-32875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32875"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2016-1000343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"name": "CVE-2022-24613",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24613"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2026-27456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
},
{
"name": "CVE-2026-22701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22701"
},
{
"name": "CVE-2026-34270",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34270"
},
{
"name": "CVE-2026-34303",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34303"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2953"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2025-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3933"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2018-8036",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8036"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2026-22009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22009"
},
{
"name": "CVE-2018-1320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
},
{
"name": "CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2026-21998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21998"
},
{
"name": "CVE-2019-17558",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17558"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2026-35469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
},
{
"name": "CVE-2020-13955",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13955"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"name": "CVE-2016-1000346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2026-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2026-35236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35236"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2026-35237",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35237"
},
{
"name": "CVE-2014-0114",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0114"
},
{
"name": "CVE-2026-33236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33236"
},
{
"name": "CVE-2022-32287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32287"
},
{
"name": "CVE-2026-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2016-1000345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2022-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"name": "CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22017"
},
{
"name": "CVE-2022-26336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26336"
},
{
"name": "CVE-2024-21244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21244"
},
{
"name": "CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2018-1338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1338"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2021-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29262"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2024-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21503"
},
{
"name": "CVE-2016-1000338",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2026-1703",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1703"
},
{
"name": "CVE-2026-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25645"
},
{
"name": "CVE-2026-21860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
},
{
"name": "CVE-2026-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3479"
},
{
"name": "CVE-2024-52012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52012"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2026-39883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39883"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2019-10088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10088"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"name": "CVE-2026-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1839"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-34515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34515"
},
{
"name": "CVE-2026-5598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
},
{
"name": "CVE-2026-34519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34519"
},
{
"name": "CVE-2018-11797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11797"
},
{
"name": "CVE-2026-22022",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22022"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2026-34304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34304"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2018-8017",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8017"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2026-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21948"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2017-15691",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15691"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2026-22002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22002"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2026-34518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34518"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2016-1000342",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2018-17197",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17197"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-62813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2026-34308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34308"
},
{
"name": "CVE-2016-1000339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2026-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3219"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2023-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2025-21499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21499"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2026-27199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27199"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2020-1945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2021-23926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
},
{
"name": "CVE-2026-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21964"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2026-22731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22731"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2025-68146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-3730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3730"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-34525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34525"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2026-32274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32274"
},
{
"name": "CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"name": "CVE-2026-35240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35240"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2026-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22004"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2018-1324",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1324"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2026-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22001"
},
{
"name": "CVE-2026-32874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32874"
},
{
"name": "CVE-2025-3263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3263"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2026-4539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4539"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-31812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31812"
},
{
"name": "CVE-2026-4519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4519"
},
{
"name": "CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"name": "CVE-2025-13462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13462"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2025-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6051"
},
{
"name": "CVE-2026-4111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2025-66034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66034"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2026-3298",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3298"
},
{
"name": "CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"name": "CVE-2026-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21968"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-21232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21232"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2026-4224",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4224"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2019-12415",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
},
{
"name": "CVE-2025-8869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-25854",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
},
{
"name": "CVE-2026-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22015"
},
{
"name": "CVE-2025-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
},
{
"name": "CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"name": "CVE-2026-23949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23949"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-1519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1519"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2018-11761",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11761"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2018-11771",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11771"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2018-1335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1335"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2025-21493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21493"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2018-11762",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11762"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2026-22733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22733"
},
{
"name": "CVE-2026-2297",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2297"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2026-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22005"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2016-1000340",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000340"
},
{
"name": "CVE-2026-34516",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34516"
},
{
"name": "CVE-2026-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1299"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"name": "CVE-2026-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3644"
},
{
"name": "CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-29129",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29129"
},
{
"name": "CVE-2022-31159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-34517",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34517"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2020-15522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15522"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2018-1339",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1339"
},
{
"name": "CVE-2016-1000352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-14009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14009"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2026-34278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34278"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2026-34513",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34513"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2026-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"name": "CVE-2026-34514",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34514"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2099"
},
{
"name": "CVE-2025-1194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1194"
},
{
"name": "CVE-2025-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6638"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2016-1000344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2017-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3164"
},
{
"name": "CVE-2026-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41066"
},
{
"name": "CVE-2026-34520",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34520"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2026-24880",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24880"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"name": "CVE-2026-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
},
{
"name": "CVE-2026-0672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
},
{
"name": "CVE-2017-7669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7669"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2017-8806",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8806"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2019-0193",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0193"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-33231",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33231"
},
{
"name": "CVE-2022-30126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30126"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"name": "CVE-2025-6921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6921"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2026-34276",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34276"
},
{
"name": "CVE-2022-24614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24614"
},
{
"name": "CVE-2026-22815",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22815"
},
{
"name": "CVE-2020-13959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13959"
},
{
"name": "CVE-2025-24814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24814"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2020-11979",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
},
{
"name": "CVE-2025-67221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67221"
},
{
"name": "CVE-2024-21243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21243"
},
{
"name": "CVE-2026-33230",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33230"
},
{
"name": "CVE-2021-31811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31811"
},
{
"name": "CVE-2021-27807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27807"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2026-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24281"
},
{
"name": "CVE-2026-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1462"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2026-34293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34293"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2018-11802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11802"
},
{
"name": "CVE-2025-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3777"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2018-11796",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11796"
},
{
"name": "CVE-2020-13957",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13957"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2018-1000632",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632"
},
{
"name": "CVE-2026-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0846"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-05-11T00:00:00",
"last_revision_date": "2026-05-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0556",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37451",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37451"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37445",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37445"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37460",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37460"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37449",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37449"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37450",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37450"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37466",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37466"
},
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37468",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37468"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37444",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37444"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37461",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37461"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2016-11",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37459"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37446",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37446"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37465",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37465"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37448",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37448"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37447",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37447"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37463",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37463"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37452",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37452"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37462",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37462"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37464",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37464"
}
]
}
Title
FasterXML jackson-databind信息泄露漏洞(CNVD-2019-41724)
Description
FasterXML Jackson是美国FasterXML公司的一款适用于Java的数据处理工具。jackson-databind是其中的一个具有数据绑定功能的组件。
FasterXML jackson-databind存在信息泄露漏洞。攻击者可利用漏洞获取受影响组件敏感信息。
Severity
中
Patch Name
FasterXML jackson-databind信息泄露漏洞(CNVD-2019-41724)的补丁
Patch Description
FasterXML Jackson是美国FasterXML公司的一款适用于Java的数据处理工具。jackson-databind是其中的一个具有数据绑定功能的组件。
FasterXML jackson-databind存在信息泄露漏洞。攻击者可利用漏洞获取受影响组件敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/FasterXML/jackson-databind/issues/2341
Reference
https://security.netapp.com/advisory/ntap-20190625-0006/
Impacted products
| Name | FasterXML FasterXML jackson-databind >=2.*,<=2.9.9 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-12814",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814"
}
},
"description": "FasterXML Jackson\u662f\u7f8e\u56fdFasterXML\u516c\u53f8\u7684\u4e00\u6b3e\u9002\u7528\u4e8eJava\u7684\u6570\u636e\u5904\u7406\u5de5\u5177\u3002jackson-databind\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5177\u6709\u6570\u636e\u7ed1\u5b9a\u529f\u80fd\u7684\u7ec4\u4ef6\u3002\n\nFasterXML jackson-databind\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/FasterXML/jackson-databind/issues/2341",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-41724",
"openTime": "2019-11-20",
"patchDescription": "FasterXML Jackson\u662f\u7f8e\u56fdFasterXML\u516c\u53f8\u7684\u4e00\u6b3e\u9002\u7528\u4e8eJava\u7684\u6570\u636e\u5904\u7406\u5de5\u5177\u3002jackson-databind\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5177\u6709\u6570\u636e\u7ed1\u5b9a\u529f\u80fd\u7684\u7ec4\u4ef6\u3002\r\n\r\nFasterXML jackson-databind\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "FasterXML jackson-databind\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-41724\uff09\u7684\u8865\u4e01",
"products": {
"product": "FasterXML FasterXML jackson-databind \u003e=2.*\uff0c\u003c=2.9.9"
},
"referenceLink": "https://security.netapp.com/advisory/ntap-20190625-0006/",
"serverity": "\u4e2d",
"submitTime": "2019-06-21",
"title": "FasterXML jackson-databind\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-41724\uff09"
}
FKIE_CVE-2019-12814
Vulnerability from fkie_nvd - Published: 2019-06-19 14:15 - Updated: 2025-08-27 21:15
Severity
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2858 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2935 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2936 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2937 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2938 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3044 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3045 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3046 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3050 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3149 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3200 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3292 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3297 | Third Party Advisory | |
| cve@mitre.org | https://github.com/FasterXML/jackson-databind/issues/2341 | Third Party Advisory | |
| cve@mitre.org | https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E | ||
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | ||
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20190625-0006/ | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpuoct2020.html | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2858 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2935 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2936 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2937 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2938 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3044 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3045 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3046 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3050 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3149 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3200 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3292 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3297 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FasterXML/jackson-databind/issues/2341 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190625-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2020.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7036DA13-110D-40B3-8494-E361BBF4AFCD",
"versionEndExcluding": "2.6.7.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89660FC3-9198-414C-B89D-C61A4438BA3B",
"versionEndExcluding": "2.7.9.6",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB8A2D4-0FDE-4216-896B-52824106B97B",
"versionEndExcluding": "2.8.11.4",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04641592-DAF4-47BB-A9DE-FC4C84A20401",
"versionEndExcluding": "2.9.9.2",
"versionStartIncluding": "2.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de tipificaci\u00f3n polim\u00f3rfica en FasterXML jackson-databind 2.x hasta la 2.9.9. Cuando la escritura predeterminada est\u00e1 habilitada (ya sea globalmente o para una propiedad espec\u00edfica) para un dispositivo remoto JSON expuesto externamente y el servicio cuenta con el JDOM 1.x or 2.x jar en el classpath, un atacante puede enviar un mensaje JSON espec\u00edficamente dise\u00f1ado que les permite leer archivos locales arbitrarios en el servidor."
}
],
"id": "CVE-2019-12814",
"lastModified": "2025-08-27T21:15:34.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-06-19T14:15:10.897",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2935"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2936"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2937"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2938"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3044"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3045"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3046"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3050"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3292"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3297"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2341"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-CMFG-87VQ-G5G4
Vulnerability from github – Published: 2019-07-17 15:26 – Updated: 2024-03-15 01:01
VLAI
Summary
Deserialization of untrusted data in FasterXML jackson-databind
Details
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
Severity
5.9 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.11.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.9.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.6.7.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-12814"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2019-07-17T14:51:50Z",
"nvd_published_at": "2019-06-19T14:15:10Z",
"severity": "MODERATE"
},
"details": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.",
"id": "GHSA-cmfg-87vq-g5g4",
"modified": "2024-03-15T01:01:07Z",
"published": "2019-07-17T15:26:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/issues/2341"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/5f7c69bba07a7155adde130d9dee2e54a54f1fa5"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190625-0006"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2935"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2936"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2937"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2938"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3044"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3045"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3046"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3050"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3292"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3297"
},
{
"type": "PACKAGE",
"url": "https://github.com/FasterXML/jackson-databind"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Deserialization of untrusted data in FasterXML jackson-databind"
}
GSD-2019-12814
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-12814",
"description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.",
"id": "GSD-2019-12814",
"references": [
"https://www.suse.com/security/cve/CVE-2019-12814.html",
"https://access.redhat.com/errata/RHSA-2020:0983",
"https://access.redhat.com/errata/RHBA-2019:3416",
"https://access.redhat.com/errata/RHSA-2019:3297",
"https://access.redhat.com/errata/RHSA-2019:3292",
"https://access.redhat.com/errata/RHSA-2019:3200",
"https://access.redhat.com/errata/RHSA-2019:3149",
"https://access.redhat.com/errata/RHSA-2019:3050",
"https://access.redhat.com/errata/RHSA-2019:3046",
"https://access.redhat.com/errata/RHSA-2019:3045",
"https://access.redhat.com/errata/RHSA-2019:3044",
"https://access.redhat.com/errata/RHSA-2019:2938",
"https://access.redhat.com/errata/RHSA-2019:2937",
"https://access.redhat.com/errata/RHSA-2019:2936",
"https://access.redhat.com/errata/RHSA-2019:2935",
"https://access.redhat.com/errata/RHSA-2019:2858",
"https://access.redhat.com/errata/RHSA-2019:2804",
"https://advisories.mageia.org/CVE-2019-12814.html",
"https://ubuntu.com/security/CVE-2019-12814"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-12814"
],
"details": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.",
"id": "GSD-2019-12814",
"modified": "2023-12-13T01:23:43.569990Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
},
{
"name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"
},
{
"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E"
},
{
"name": "FEDORA-2019-99ff6aa32c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
},
{
"name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "FEDORA-2019-ae6a703b8f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
},
{
"name": "FEDORA-2019-fb23eccc03",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
},
{
"name": "RHSA-2019:2858",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:2937",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2937"
},
{
"name": "RHSA-2019:2935",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2935"
},
{
"name": "RHSA-2019:2936",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2936"
},
{
"name": "RHSA-2019:2938",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2938"
},
{
"name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E"
},
{
"name": "RHSA-2019:3044",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3044"
},
{
"name": "RHSA-2019:3045",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3045"
},
{
"name": "RHSA-2019:3050",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3050"
},
{
"name": "RHSA-2019:3046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3046"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3149",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3200",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"name": "RHSA-2019:3292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3292"
},
{
"name": "RHSA-2019:3297",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3297"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2341",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/2341"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190625-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[2.7.0,2.7.9.5],[2.8.0,2.8.11.3],[2.9.0,2.9.9.1)",
"affected_versions": "All versions starting from 2.7.0 up to 2.7.9.5, all versions starting from 2.8.0 up to 2.8.11.3, all versions starting from 2.9.0 before 2.9.9.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-502",
"CWE-937"
],
"date": "2019-09-05",
"description": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.",
"fixed_versions": [
"2.7.9.6",
"2.8.11.4",
"2.9.9.1"
],
"identifier": "CVE-2019-12814",
"identifiers": [
"CVE-2019-12814"
],
"not_impacted": "All versions before 2.7.0, all versions after 2.7.9.5 before 2.8.0, all versions after 2.8.11.3 before 2.9.0, all versions starting from 2.9.9.1",
"package_slug": "maven/com.fasterxml.jackson.core/jackson-databind",
"pubdate": "2019-06-19",
"solution": "Upgrade to versions 2.7.9.6, 2.8.11.4, 2.9.9.1 or above.",
"title": "Information Disclosure",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-12814",
"https://github.com/FasterXML/jackson-databind/issues/2341",
"https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
],
"uuid": "64a8d8c4-3e77-4d6b-a195-f4e2f93d95fe"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.9.2",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.9.6",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.11.4",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.7.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12814"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2341",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2341"
},
{
"name": "[debian-lts-announce] 20190621 [SECURITY] [DLA 1831-1] jackson-databind security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html"
},
{
"name": "[zookeeper-issues] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190623 [GitHub] [zookeeper] eolivelli opened a new pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190623 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20190623 [jira] [Created] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] phunt commented on a change in pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli closed pull request #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190624 [GitHub] [zookeeper] eolivelli commented on issue #1001: ZOOKEEPER-3441 OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190625-0006/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190625-0006/"
},
{
"name": "[zookeeper-issues] 20190708 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt opened a new pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20190710 [GitHub] [zookeeper] phunt closed pull request #1013: ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Resolved] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Assigned] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190712 [jira] [Commented] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190713 [jira] [Updated] (ZOOKEEPER-3441) OWASP is flagging jackson-databind-2.9.9.jar for CVE-2019-12814",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[accumulo-commits] 20190723 [accumulo] branch 2.0 updated: Fix CVE-2019-12814 Use jackson-databind 2.9.9.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"
},
{
"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E"
},
{
"name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E"
},
{
"name": "FEDORA-2019-99ff6aa32c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
},
{
"name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "FEDORA-2019-ae6a703b8f",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
},
{
"name": "FEDORA-2019-fb23eccc03",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
},
{
"name": "RHSA-2019:2858",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2858"
},
{
"name": "RHSA-2019:2937",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2937"
},
{
"name": "RHSA-2019:2936",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2936"
},
{
"name": "RHSA-2019:2935",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2935"
},
{
"name": "RHSA-2019:2938",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2938"
},
{
"name": "[geode-notifications] 20191007 [GitHub] [geode] jmelchio commented on issue #4102: Fix for GEODE-7255: Pickup Jackson CVE fix",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E"
},
{
"name": "RHSA-2019:3046",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3046"
},
{
"name": "RHSA-2019:3045",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3045"
},
{
"name": "RHSA-2019:3044",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3044"
},
{
"name": "RHSA-2019:3050",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3050"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3149",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3149"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "RHSA-2019:3292",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3292"
},
{
"name": "RHSA-2019:3297",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3297"
},
{
"name": "RHSA-2019:3200",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3200"
},
{
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-09-13T14:15Z",
"publishedDate": "2019-06-19T14:15Z"
}
}
}
OPENSUSE-SU-2024:10868-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
jackson-databind-2.10.5.1-2.2 on GA media
Severity
Moderate
Notes
Title of the patch: jackson-databind-2.10.5.1-2.2 on GA media
Description of the patch: These are all security issues fixed in the jackson-databind-2.10.5.1-2.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10868
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
10 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.8 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
59 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2018-11307/ | self |
| https://www.suse.com/security/cve/CVE-2018-12022/ | self |
| https://www.suse.com/security/cve/CVE-2018-12023/ | self |
| https://www.suse.com/security/cve/CVE-2018-14718/ | self |
| https://www.suse.com/security/cve/CVE-2018-14721/ | self |
| https://www.suse.com/security/cve/CVE-2018-19360/ | self |
| https://www.suse.com/security/cve/CVE-2018-19361/ | self |
| https://www.suse.com/security/cve/CVE-2018-7489/ | self |
| https://www.suse.com/security/cve/CVE-2019-12086/ | self |
| https://www.suse.com/security/cve/CVE-2019-12384/ | self |
| https://www.suse.com/security/cve/CVE-2019-12814/ | self |
| https://www.suse.com/security/cve/CVE-2019-14379/ | self |
| https://www.suse.com/security/cve/CVE-2019-14439/ | self |
| https://www.suse.com/security/cve/CVE-2019-14540/ | self |
| https://www.suse.com/security/cve/CVE-2019-14893/ | self |
| https://www.suse.com/security/cve/CVE-2019-16942/ | self |
| https://www.suse.com/security/cve/CVE-2019-17267/ | self |
| https://www.suse.com/security/cve/CVE-2019-17531/ | self |
| https://www.suse.com/security/cve/CVE-2019-20330/ | self |
| https://www.suse.com/security/cve/CVE-2020-25649/ | self |
| https://www.suse.com/security/cve/CVE-2020-35728/ | self |
| https://www.suse.com/security/cve/CVE-2021-20190/ | self |
| https://www.suse.com/security/cve/CVE-2018-11307 | external |
| https://www.suse.com/security/cve/CVE-2018-12022 | external |
| https://www.suse.com/security/cve/CVE-2018-12023 | external |
| https://www.suse.com/security/cve/CVE-2018-14718 | external |
| https://www.suse.com/security/cve/CVE-2018-14721 | external |
| https://www.suse.com/security/cve/CVE-2018-19360 | external |
| https://www.suse.com/security/cve/CVE-2018-19361 | external |
| https://www.suse.com/security/cve/CVE-2018-7489 | external |
| https://bugzilla.suse.com/1202327 | external |
| https://www.suse.com/security/cve/CVE-2019-12086 | external |
| https://bugzilla.suse.com/1202327 | external |
| https://www.suse.com/security/cve/CVE-2019-12384 | external |
| https://www.suse.com/security/cve/CVE-2019-12814 | external |
| https://www.suse.com/security/cve/CVE-2019-14379 | external |
| https://bugzilla.suse.com/1165035 | external |
| https://www.suse.com/security/cve/CVE-2019-14439 | external |
| https://bugzilla.suse.com/1165034 | external |
| https://www.suse.com/security/cve/CVE-2019-14540 | external |
| https://bugzilla.suse.com/1165038 | external |
| https://bugzilla.suse.com/1165039 | external |
| https://www.suse.com/security/cve/CVE-2019-14893 | external |
| https://bugzilla.suse.com/1157186 | external |
| https://www.suse.com/security/cve/CVE-2019-16942 | external |
| https://bugzilla.suse.com/1165041 | external |
| https://www.suse.com/security/cve/CVE-2019-17267 | external |
| https://bugzilla.suse.com/1165044 | external |
| https://www.suse.com/security/cve/CVE-2019-17531 | external |
| https://www.suse.com/security/cve/CVE-2019-20330 | external |
| https://bugzilla.suse.com/1160113 | external |
| https://www.suse.com/security/cve/CVE-2020-25649 | external |
| https://bugzilla.suse.com/1177616 | external |
| https://www.suse.com/security/cve/CVE-2020-35728 | external |
| https://bugzilla.suse.com/1180391 | external |
| https://www.suse.com/security/cve/CVE-2021-20190 | external |
| https://bugzilla.suse.com/1181118 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jackson-databind-2.10.5.1-2.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jackson-databind-2.10.5.1-2.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10868",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10868-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11307 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12022 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12023 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14718 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14721 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19361 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7489 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12086 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12384 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12814 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14379 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14439 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14540 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14893 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16942 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17267 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17267/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17531 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17531/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20330 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25649 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35728 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20190 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20190/"
}
],
"title": "jackson-databind-2.10.5.1-2.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10868-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.10.5.1-2.2.aarch64",
"product": {
"name": "jackson-databind-2.10.5.1-2.2.aarch64",
"product_id": "jackson-databind-2.10.5.1-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"product": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"product_id": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.10.5.1-2.2.ppc64le",
"product": {
"name": "jackson-databind-2.10.5.1-2.2.ppc64le",
"product_id": "jackson-databind-2.10.5.1-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"product": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"product_id": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.10.5.1-2.2.s390x",
"product": {
"name": "jackson-databind-2.10.5.1-2.2.s390x",
"product_id": "jackson-databind-2.10.5.1-2.2.s390x"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"product": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"product_id": "jackson-databind-javadoc-2.10.5.1-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.10.5.1-2.2.x86_64",
"product": {
"name": "jackson-databind-2.10.5.1-2.2.x86_64",
"product_id": "jackson-databind-2.10.5.1-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64",
"product": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64",
"product_id": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.10.5.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64"
},
"product_reference": "jackson-databind-2.10.5.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.10.5.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le"
},
"product_reference": "jackson-databind-2.10.5.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.10.5.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x"
},
"product_reference": "jackson-databind-2.10.5.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.10.5.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64"
},
"product_reference": "jackson-databind-2.10.5.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64"
},
"product_reference": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le"
},
"product_reference": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x"
},
"product_reference": "jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
},
"product_reference": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11307"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11307",
"url": "https://www.suse.com/security/cve/CVE-2018-11307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-11307"
},
{
"cve": "CVE-2018-12022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12022"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12022",
"url": "https://www.suse.com/security/cve/CVE-2018-12022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12022"
},
{
"cve": "CVE-2018-12023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12023"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12023",
"url": "https://www.suse.com/security/cve/CVE-2018-12023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12023"
},
{
"cve": "CVE-2018-14718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14718"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14718",
"url": "https://www.suse.com/security/cve/CVE-2018-14718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14718"
},
{
"cve": "CVE-2018-14721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14721"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14721",
"url": "https://www.suse.com/security/cve/CVE-2018-14721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14721"
},
{
"cve": "CVE-2018-19360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19360"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19360",
"url": "https://www.suse.com/security/cve/CVE-2018-19360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-19360"
},
{
"cve": "CVE-2018-19361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19361"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19361",
"url": "https://www.suse.com/security/cve/CVE-2018-19361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-19361"
},
{
"cve": "CVE-2018-7489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7489"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7489",
"url": "https://www.suse.com/security/cve/CVE-2018-7489"
},
{
"category": "external",
"summary": "SUSE Bug 1202327 for CVE-2018-7489",
"url": "https://bugzilla.suse.com/1202327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-7489"
},
{
"cve": "CVE-2019-12086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12086"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12086",
"url": "https://www.suse.com/security/cve/CVE-2019-12086"
},
{
"category": "external",
"summary": "SUSE Bug 1202327 for CVE-2019-12086",
"url": "https://bugzilla.suse.com/1202327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-12086"
},
{
"cve": "CVE-2019-12384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12384"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12384",
"url": "https://www.suse.com/security/cve/CVE-2019-12384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12384"
},
{
"cve": "CVE-2019-12814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12814"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12814",
"url": "https://www.suse.com/security/cve/CVE-2019-12814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12814"
},
{
"cve": "CVE-2019-14379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14379"
}
],
"notes": [
{
"category": "general",
"text": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14379",
"url": "https://www.suse.com/security/cve/CVE-2019-14379"
},
{
"category": "external",
"summary": "SUSE Bug 1165035 for CVE-2019-14379",
"url": "https://bugzilla.suse.com/1165035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-14379"
},
{
"cve": "CVE-2019-14439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14439"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14439",
"url": "https://www.suse.com/security/cve/CVE-2019-14439"
},
{
"category": "external",
"summary": "SUSE Bug 1165034 for CVE-2019-14439",
"url": "https://bugzilla.suse.com/1165034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14439"
},
{
"cve": "CVE-2019-14540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14540"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14540",
"url": "https://www.suse.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "SUSE Bug 1165038 for CVE-2019-14540",
"url": "https://bugzilla.suse.com/1165038"
},
{
"category": "external",
"summary": "SUSE Bug 1165039 for CVE-2019-14540",
"url": "https://bugzilla.suse.com/1165039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14540"
},
{
"cve": "CVE-2019-14893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14893"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14893",
"url": "https://www.suse.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "SUSE Bug 1157186 for CVE-2019-14893",
"url": "https://bugzilla.suse.com/1157186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-14893"
},
{
"cve": "CVE-2019-16942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16942"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16942",
"url": "https://www.suse.com/security/cve/CVE-2019-16942"
},
{
"category": "external",
"summary": "SUSE Bug 1165041 for CVE-2019-16942",
"url": "https://bugzilla.suse.com/1165041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-16942"
},
{
"cve": "CVE-2019-17267",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17267"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17267",
"url": "https://www.suse.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "SUSE Bug 1165044 for CVE-2019-17267",
"url": "https://bugzilla.suse.com/1165044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17267"
},
{
"cve": "CVE-2019-17531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17531"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17531",
"url": "https://www.suse.com/security/cve/CVE-2019-17531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-17531"
},
{
"cve": "CVE-2019-20330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20330"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20330",
"url": "https://www.suse.com/security/cve/CVE-2019-20330"
},
{
"category": "external",
"summary": "SUSE Bug 1160113 for CVE-2019-20330",
"url": "https://bugzilla.suse.com/1160113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-20330"
},
{
"cve": "CVE-2020-25649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25649"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25649",
"url": "https://www.suse.com/security/cve/CVE-2020-25649"
},
{
"category": "external",
"summary": "SUSE Bug 1177616 for CVE-2020-25649",
"url": "https://bugzilla.suse.com/1177616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-25649"
},
{
"cve": "CVE-2020-35728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35728"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35728",
"url": "https://www.suse.com/security/cve/CVE-2020-35728"
},
{
"category": "external",
"summary": "SUSE Bug 1180391 for CVE-2020-35728",
"url": "https://bugzilla.suse.com/1180391"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35728"
},
{
"cve": "CVE-2021-20190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20190"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20190",
"url": "https://www.suse.com/security/cve/CVE-2021-20190"
},
{
"category": "external",
"summary": "SUSE Bug 1181118 for CVE-2021-20190",
"url": "https://bugzilla.suse.com/1181118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-20190"
}
]
}
RHBA-2019:3416
Vulnerability from csaf_redhat - Published: 2019-11-05 21:19 - Updated: 2026-05-14 18:25Summary
Red Hat Bug Fix Advisory: pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update
Severity
Moderate
Notes
Topic: An update for the pki-core:10.6 and pki-deps:10:6 modules is now available for Red Hat Enterprise Linux 8.
Details: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the mysql gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to read arbitrary local files
7.5 (High)
Affected products
Fixed
126 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files.
7.5 (High)
Affected products
Fixed
126 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
20 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHBA-2019:3416 | self |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666859 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1666921 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1673296 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1679480 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1695302 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1696849 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1698059 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1715950 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1721135 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2019-12086 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1713468 | external |
| https://www.cve.org/CVERecord?id=CVE-2019-12086 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2019-12086 | external |
| https://access.redhat.com/security/cve/CVE-2019-12814 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1725795 | external |
| https://www.cve.org/CVERecord?id=CVE-2019-12814 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2019-12814 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the pki-core:10.6 and pki-deps:10:6 modules is now available for Red Hat Enterprise Linux 8.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2019:3416",
"url": "https://access.redhat.com/errata/RHBA-2019:3416"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/"
},
{
"category": "external",
"summary": "1666859",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666859"
},
{
"category": "external",
"summary": "1666921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666921"
},
{
"category": "external",
"summary": "1673296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1673296"
},
{
"category": "external",
"summary": "1679480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1679480"
},
{
"category": "external",
"summary": "1695302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695302"
},
{
"category": "external",
"summary": "1696849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696849"
},
{
"category": "external",
"summary": "1698059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1698059"
},
{
"category": "external",
"summary": "1715950",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715950"
},
{
"category": "external",
"summary": "1721135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1721135"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_3416.json"
}
],
"title": "Red Hat Bug Fix Advisory: pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-05-14T18:25:09+00:00",
"generator": {
"date": "2026-05-14T18:25:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHBA-2019:3416",
"initial_release_date": "2019-11-05T21:19:17+00:00",
"revision_history": [
{
"date": "2019-11-05T21:19:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-11-05T21:19:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T18:25:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax-api@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-core@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-runtime@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-txw2@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"product": {
"name": "jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch (pki-deps:10.6)",
"product_id": "jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"product": {
"name": "jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch (pki-deps:10.6)",
"product_id": "jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"product": {
"name": "jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch (pki-deps:10.6)",
"product_id": "jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.9.9.2-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch (pki-deps:10.6)",
"product_id": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-json-provider@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch (pki-deps:10.6)",
"product_id": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.7.6-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist-javadoc@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-4.0-api@9.0.7-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.7-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-3.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j-jdk14@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6)",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=noarch\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"product": {
"name": "ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch (pki-core:10.6)",
"product_id": "ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ldapjdk@4.21.0-1.module%2Bel8.1.0%2B3370%2B6d076660?arch=noarch\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"product": {
"name": "ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch (pki-core:10.6)",
"product_id": "ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ldapjdk-javadoc@4.21.0-1.module%2Bel8.1.0%2B3370%2B6d076660?arch=noarch\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"product": {
"name": "pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch (pki-core:10.6)",
"product_id": "pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-base@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=noarch\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"product": {
"name": "pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch (pki-core:10.6)",
"product_id": "pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-base-java@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=noarch\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"product": {
"name": "pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch (pki-core:10.6)",
"product_id": "pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-ca@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=noarch\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"product": {
"name": "pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch (pki-core:10.6)",
"product_id": "pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-kra@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=noarch\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"product": {
"name": "pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch (pki-core:10.6)",
"product_id": "pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-server@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=noarch\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"product": {
"name": "python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch (pki-core:10.6)",
"product_id": "python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pki@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=noarch\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"product": {
"name": "tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch (pki-core:10.6)",
"product_id": "tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcatjss@7.4.1-1.module%2Bel8.1.0%2B3370%2B6d076660?arch=noarch\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-collections@3.2.2-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-lang@2.6-21.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bea-stax@1.2.0-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-fastinfoset@1.2.13-9.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb@2.2.11-11.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/glassfish-jaxb-api@2.2.12-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"product": {
"name": "jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src (pki-deps:10.6)",
"product_id": "jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"product": {
"name": "jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src (pki-deps:10.6)",
"product_id": "jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"product": {
"name": "jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src (pki-deps:10.6)",
"product_id": "jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.9.9.2-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"product": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src (pki-deps:10.6)",
"product_id": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.9.9-1.module%2Bel8.1.0%2B3832%2B9784644d?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-module-jaxb-annotations@2.7.6-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-httpclient@3.1-28.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/javassist@3.18.1-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-servlet-engine@9.0.7-16.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026epoch=1\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/relaxngDatatype@2011.1-7.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resteasy@3.0.26-3.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/stax-ex@1.7.7-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/velocity@1.7-24.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xalan-j2@2.7.1-38.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.11.0-34.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.4.01-25.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-resolver@1.2-26.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlstreambuffer@1.5.4-8.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6)",
"product_id": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xsom@0-19.20110809svn.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=src\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6",
"product": {
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src (pki-core:10.6)",
"product_id": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=src\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"product": {
"name": "ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src (pki-core:10.6)",
"product_id": "ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ldapjdk@4.21.0-1.module%2Bel8.1.0%2B3370%2B6d076660?arch=src\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6",
"product": {
"name": "pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src (pki-core:10.6)",
"product_id": "pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=src\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"product": {
"name": "tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src (pki-core:10.6)",
"product_id": "tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcatjss@7.4.1-1.module%2Bel8.1.0%2B3370%2B6d076660?arch=src\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6)",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=x86_64\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"product": {
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64 (pki-core:10.6)",
"product_id": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=x86_64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"product": {
"name": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64 (pki-core:10.6)",
"product_id": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=x86_64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"product": {
"name": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64 (pki-core:10.6)",
"product_id": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=x86_64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"product": {
"name": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64 (pki-core:10.6)",
"product_id": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=x86_64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"product": {
"name": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64 (pki-core:10.6)",
"product_id": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=x86_64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"product": {
"name": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64 (pki-core:10.6)",
"product_id": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=x86_64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"product": {
"name": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64 (pki-core:10.6)",
"product_id": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=x86_64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"product": {
"name": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64 (pki-core:10.6)",
"product_id": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=x86_64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"product": {
"name": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64 (pki-core:10.6)",
"product_id": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=x86_64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"product": {
"name": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64 (pki-core:10.6)",
"product_id": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=x86_64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6)",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6)",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6)",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6)",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=s390x\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"product": {
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x (pki-core:10.6)",
"product_id": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=s390x\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"product": {
"name": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x (pki-core:10.6)",
"product_id": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=s390x\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"product": {
"name": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x (pki-core:10.6)",
"product_id": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=s390x\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"product": {
"name": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x (pki-core:10.6)",
"product_id": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=s390x\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"product": {
"name": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x (pki-core:10.6)",
"product_id": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=s390x\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"product": {
"name": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x (pki-core:10.6)",
"product_id": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=s390x\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"product": {
"name": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x (pki-core:10.6)",
"product_id": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=s390x\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"product": {
"name": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x (pki-core:10.6)",
"product_id": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=s390x\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"product": {
"name": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x (pki-core:10.6)",
"product_id": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=s390x\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"product": {
"name": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x (pki-core:10.6)",
"product_id": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=s390x\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6)",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6)",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6)",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6)",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=ppc64le\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"product": {
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le (pki-core:10.6)",
"product_id": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=ppc64le\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"product": {
"name": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le (pki-core:10.6)",
"product_id": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=ppc64le\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"product": {
"name": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le (pki-core:10.6)",
"product_id": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=ppc64le\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"product": {
"name": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le (pki-core:10.6)",
"product_id": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=ppc64le\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"product": {
"name": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le (pki-core:10.6)",
"product_id": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=ppc64le\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"product": {
"name": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le (pki-core:10.6)",
"product_id": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=ppc64le\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"product": {
"name": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le (pki-core:10.6)",
"product_id": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=ppc64le\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"product": {
"name": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le (pki-core:10.6)",
"product_id": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=ppc64le\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"product": {
"name": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le (pki-core:10.6)",
"product_id": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=ppc64le\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"product": {
"name": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le (pki-core:10.6)",
"product_id": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=ppc64le\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6)",
"product_id": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-debugsource@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6)",
"product_id": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-nss-doc@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6)",
"product_id": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6)",
"product_id": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-nss-debuginfo@1.0.1-10.module%2Bel8.1.0%2B3366%2B6dfb954c?arch=aarch64\u0026rpmmod=pki-deps:10.6:8010020190731203900:cdc1202b"
}
}
},
{
"category": "product_version",
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"product": {
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64 (pki-core:10.6)",
"product_id": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=aarch64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"product": {
"name": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64 (pki-core:10.6)",
"product_id": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debuginfo@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=aarch64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"product": {
"name": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64 (pki-core:10.6)",
"product_id": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-debugsource@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=aarch64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"product": {
"name": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64 (pki-core:10.6)",
"product_id": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jss-javadoc@4.6.0-5.module%2Bel8.1.0%2B4218%2B3fd65c36?arch=aarch64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"product": {
"name": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64 (pki-core:10.6)",
"product_id": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debuginfo@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=aarch64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"product": {
"name": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64 (pki-core:10.6)",
"product_id": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-core-debugsource@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=aarch64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"product": {
"name": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64 (pki-core:10.6)",
"product_id": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=aarch64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"product": {
"name": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64 (pki-core:10.6)",
"product_id": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-symkey-debuginfo@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=aarch64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"product": {
"name": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64 (pki-core:10.6)",
"product_id": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=aarch64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
},
{
"category": "product_version",
"name": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"product": {
"name": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64 (pki-core:10.6)",
"product_id": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-tools-debuginfo@10.7.3-1.module%2Bel8.1.0%2B3964%2B500fc130?arch=aarch64\u0026rpmmod=pki-core:10.6:8010020190912123424:8ba0ffbe"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6"
},
"product_reference": "jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6"
},
"product_reference": "jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6"
},
"product_reference": "jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6"
},
"product_reference": "jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6"
},
"product_reference": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6"
},
"product_reference": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6"
},
"product_reference": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6"
},
"product_reference": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6"
},
"product_reference": "jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6"
},
"product_reference": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6"
},
"product_reference": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6"
},
"product_reference": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6"
},
"product_reference": "jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6"
},
"product_reference": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6"
},
"product_reference": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6"
},
"product_reference": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6"
},
"product_reference": "jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6"
},
"product_reference": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6"
},
"product_reference": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6"
},
"product_reference": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6"
},
"product_reference": "jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6"
},
"product_reference": "ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6"
},
"product_reference": "ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6"
},
"product_reference": "ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6"
},
"product_reference": "pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6"
},
"product_reference": "pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6"
},
"product_reference": "pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6"
},
"product_reference": "pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6"
},
"product_reference": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6"
},
"product_reference": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6"
},
"product_reference": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6"
},
"product_reference": "pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6"
},
"product_reference": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6"
},
"product_reference": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6"
},
"product_reference": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6"
},
"product_reference": "pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6"
},
"product_reference": "pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6"
},
"product_reference": "pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6"
},
"product_reference": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6"
},
"product_reference": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6"
},
"product_reference": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6"
},
"product_reference": "pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6"
},
"product_reference": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6"
},
"product_reference": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6"
},
"product_reference": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6"
},
"product_reference": "pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6"
},
"product_reference": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6"
},
"product_reference": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6"
},
"product_reference": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6"
},
"product_reference": "pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6"
},
"product_reference": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6"
},
"product_reference": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6"
},
"product_reference": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64 (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6"
},
"product_reference": "pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64 (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6"
},
"product_reference": "python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6"
},
"product_reference": "python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6"
},
"product_reference": "tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src (pki-core:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6"
},
"product_reference": "tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src (pki-deps:10.6) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
},
"product_reference": "xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"relates_to_product_reference": "AppStream-8.1.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-12086",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-05-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1713468"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the mysql gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to read arbitrary local files",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12086"
},
{
"category": "external",
"summary": "RHBZ#1713468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12086"
}
],
"release_date": "2019-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-05T21:19:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2019:3416"
},
{
"category": "workaround",
"details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`",
"product_ids": [
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server."
},
{
"cve": "CVE-2019-12814",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1725795"
}
],
"notes": [
{
"category": "description",
"text": "A new polymorphic typing flaw was discovered in FasterXML jackson-databind, versions 2.x through 2.9.9. With default typing enabled, an attacker can send a specifically crafted JSON message to the server that allows them to read arbitrary local files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Red Hat Satellite 6 does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability. \n* Red Hat OpenStack\u0027s OpenDaylight does not include the jdom or jdom2 packages, thus it is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-12814"
},
{
"category": "external",
"summary": "RHBZ#1725795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1725795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12814"
}
],
"release_date": "2019-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-11-05T21:19:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2019:3416"
},
{
"category": "workaround",
"details": "This vulnerability relies on jdom (org.jdom) or jdom2 (org.jdom2) being present in the application\u0027s ClassPath. Applications using jackson-databind that do not also use jdom or jdom2 are not impacted by this vulnerability.",
"product_ids": [
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-collections-0:3.2.2-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:apache-commons-lang-0:2.6-21.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:bea-stax-api-0:1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-fastinfoset-0:1.2.13-9.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-api-0:2.2.12-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-core-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-runtime-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:glassfish-jaxb-txw2-0:2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-annotations-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-core-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-databind-0:2.9.9.2-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-json-provider-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-jaxrs-providers-0:2.9.9-1.module+el8.1.0+3832+9784644d.src::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jakarta-commons-httpclient-1:3.1-28.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:javassist-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:javassist-javadoc-0:3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.src::pki-core:10.6",
"AppStream-8.1.0:jss-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debuginfo-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-debugsource-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.aarch64::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.ppc64le::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.s390x::pki-core:10.6",
"AppStream-8.1.0:jss-javadoc-0:4.6.0-5.module+el8.1.0+4218+3fd65c36.x86_64::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-0:4.21.0-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:ldapjdk-javadoc-0:4.21.0-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-base-java-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-ca-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-core-0:10.7.3-1.module+el8.1.0+3964+500fc130.src::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-core-debugsource-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-kra-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-server-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:pki-servlet-4.0-api-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:pki-servlet-engine-1:9.0.7-16.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-symkey-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.aarch64::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.ppc64le::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.s390x::pki-core:10.6",
"AppStream-8.1.0:pki-tools-debuginfo-0:10.7.3-1.module+el8.1.0+3964+500fc130.x86_64::pki-core:10.6",
"AppStream-8.1.0:python-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-debugsource-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python-nss-doc-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x::pki-deps:10.6",
"AppStream-8.1.0:python3-nss-debuginfo-0:1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64::pki-deps:10.6",
"AppStream-8.1.0:python3-pki-0:10.7.3-1.module+el8.1.0+3964+500fc130.noarch::pki-core:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:relaxngDatatype-0:2011.1-7.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:resteasy-0:3.0.26-3.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:slf4j-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:slf4j-jdk14-0:1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:stax-ex-0:1.7.7-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.noarch::pki-core:10.6",
"AppStream-8.1.0:tomcatjss-0:7.4.1-1.module+el8.1.0+3370+6d076660.src::pki-core:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:velocity-0:1.7-24.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xalan-j2-0:2.7.1-38.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xerces-j2-0:2.11.0-34.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-apis-0:1.4.01-25.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xml-commons-resolver-0:1.2-26.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xmlstreambuffer-0:1.5.4-8.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch::pki-deps:10.6",
"AppStream-8.1.0:xsom-0:0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src::pki-deps:10.6"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message."
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…