CVE-2019-10172

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 18-11-2019 06:15

Last modified: - 18-04-2022 04:27

Total changes: - 16

Description

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

None

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

vendor=fasterxml AND product=jackson-mapper-asl AND versionEndIncluding=1.9.13 AND versionStartIncluding=1.9.0

vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=7.0

vendor=Red Hat Enterprise Linux AND product=jboss_fuse AND version=7.0.0

vendor=Debian AND product=debian_linux AND version=8.0

vendor=Debian AND product=debian_linux AND version=9.0

vendor=apache AND product=spark AND version=3.0.1

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10172
[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update-Mailing List, Third Party Advisory
[cassandra-commits] 20200407 [jira] [Created] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?-Mailing List, Third Party Advisory
[cassandra-commits] 20200413 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?-Mailing List, Third Party Advisory
[cassandra-commits] 20200420 [jira] [Updated] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?-Mailing List, Third Party Advisory
[cassandra-commits] 20200420 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?-Mailing List, Third Party Advisory
[cassandra-commits] 20200420 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?-Mailing List, Third Party Advisory
[cassandra-commits] 20200818 [jira] [Updated] (CASSANDRA-16056) Remove jackson-mapper-asl-1.9.13 to mitigate CVE-2019-10172-Mailing List, Third Party Advisory
[cassandra-commits] 20200818 [jira] [Created] (CASSANDRA-16056) Remove jackson-mapper-asl-1.9.13 to mitigate CVE-2019-10172-Mailing List, Third Party Advisory
[cassandra-commits] 20200819 [jira] [Updated] (CASSANDRA-16056) Remove jackson-mapper-asl-1.9.13 to mitigate CVE-2019-10172-Mailing List, Third Party Advisory
[debian-lts-announce] 20200824 [SECURITY] [DLA 2342-1] libjackson-json-java security update-Mailing List, Third Party Advisory
[hadoop-common-issues] 20200824 [jira] [Created] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172-Mailing List, Third Party Advisory
[hadoop-common-dev] 20200824 [jira] [Created] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172-Mailing List, Third Party Advisory
[hadoop-common-issues] 20200825 [jira] [Updated] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172-Mailing List, Third Party Advisory
[hadoop-common-issues] 20200825 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172-Mailing List, Third Party Advisory
[cassandra-commits] 20200901 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?-Mailing List, Third Party Advisory
[cassandra-commits] 20200901 [jira] [Commented] (CASSANDRA-15701) Does Cassandra 3.11.3/3.11.5 is affected by CVE-2019-10712 or not ?-Mailing List, Third Party Advisory
[spark-issues] 20210223 [jira] [Created] (SPARK-34511) Current Security vulnerabilities in spark libraries-Mailing List, Third Party Advisory
[hadoop-user] 20210317 jackson-mapper-asl vulnerability at Hadoop-Mailing List, Third Party Advisory
[hive-issues] 20210318 [jira] [Comment Edited] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar-Mailing List, Third Party Advisory
[hive-dev] 20210318 CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar-Mailing List, Third Party Advisory
[hive-issues] 20210318 [jira] [Assigned] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar-Mailing List, Third Party Advisory
[hive-dev] 20210318 [jira] [Created] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar-Mailing List, Third Party Advisory
[hive-issues] 20210318 [jira] [Updated] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar-Mailing List, Third Party Advisory
[hive-issues] 20210318 [jira] [Commented] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar-Mailing List, Third Party Advisory
[hadoop-common-issues] 20210320 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172-Mailing List, Third Party Advisory
[hive-issues] 20210729 [jira] [Resolved] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar-Mailing List, Third Party Advisory
[hadoop-common-issues] 20210906 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172-Mailing List, Third Party Advisory
[hadoop-common-issues] 20210907 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172-Mailing List, Third Party Advisory
[hadoop-common-issues] 20210920 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172-Mailing List, Third Party Advisory
[hadoop-common-issues] 20210921 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172-Mailing List, Third Party Advisory
[hadoop-common-issues] 20210924 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172-Mailing List, Third Party Advisory
[hadoop-common-issues] 20210924 [jira] [Updated] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172-Mailing List, Third Party Advisory
[cassandra-commits] 20210926 [jira] [Commented] (CASSANDRA-16056) Remove jackson-mapper-asl-1.9.13 to mitigate CVE-2019-10172-Mailing List, Third Party Advisory
[hadoop-common-issues] 20210927 [jira] [Commented] (HADOOP-17225) Update jackson-mapper-asl-1.9.13 to atlassian version to mitigate: CVE-2019-10172-Mailing List, Third Party Advisory
[cassandra-commits] 20210927 [jira] [Updated] (CASSANDRA-16056) Remove jackson-mapper-asl-1.9.13 to mitigate CVE-2019-10172-Mailing List, Third Party Advisory
[cassandra-commits] 20210927 [jira] [Assigned] (CASSANDRA-16056) Remove jackson-mapper-asl-1.9.13 to mitigate CVE-2019-10172-Mailing List, Third Party Advisory

Keywords

CVE-2019-10172

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2019-10172

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures