Description
A series of deserialization vulnerabilities has been discovered in Codehaus 1.9.x as implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, and CVE-2019-12086, reported for FasterXML jackson-databind, by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
Remediation
References