Skip to content

Block two more gadget types (commons-dbcp, p6spy, CVE-2019-16942 / CVE-2019-16943) #2478

New issue
New issue
Closed
Closed
Block two more gadget types (commons-dbcp, p6spy, CVE-2019-16942 / CVE-2019-16943)#2478
Labels
CVEIssues related to public CVEs (security vuln reports)
Milestone
2.9.10.1
@bsmali4

Description

@bsmali4
bsmali4
opened on Sep 27, 2019

Another 2 gadget (*) types reported regarding classes of commons-dbcp and p6spy packages.
See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.

Mitre id: CVE-2019-16942 (commons-dbcp)
Mitre id: CVE-2019-16943 (p6spy)
Reporter: b5mali4

Fixed in:

  • 2.9.10.1 (use jackson-bom version 2.9.10.20191020)
  • 2.6.7.3
  • 2.8.11.5
  • does not affect 2.10.0 and later

Metadata

Metadata

Assignees

No one assigned

    Labels

    CVEIssues related to public CVEs (security vuln reports)

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions