Miggo Logo
Miggo Vulnerability Database
CVE-2019-14439

CVE-2019-14439: Deserialization of untrusted data in FasterXML jackson-databind

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2019-14439
GHSA ID
GHSA-gwp4-hfv6-p7hw
EPSS Score
0.92512%
CWE
CWE-502
Published
8/1/2019
Updated
11/27/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
com.fasterxml.jackson.core:jackson-databindmaven>= 2.9.0, < 2.9.9.22.9.9.2
com.fasterxml.jackson.core:jackson-databindmaven>= 2.7.0, < 2.7.9.62.7.9.6
com.fasterxml.jackson.core:jackson-databindmaven< 2.6.7.32.6.7.3
com.fasterxml.jackson.core:jackson-databindmaven>= 2.8.0, < 2.8.11.42.8.11.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

* Polymorp*i* Typin* issu* w*s *is*ov*r** in **st*rXML j**kson-**t**in* *.x ***or* *.*.*.*, *.*.**.*, *.*.*.*, *n* *.*.*.*. T*is o**urs w**n ****ult Typin* is *n**l** (*it**r *lo**lly or *or * sp**i*i* prop*rty) *or *n *xt*rn*lly *xpos** JSON *n*poin

Reasoning

No *n*lysis *v*il**l*