Block one more gadget type (logback, CVE-2019-14439) #2389
Comments
Similar to #2341 and others? -_-
@jdelta-RBS yup, same old shite.
Is this the correct CVE? According to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439 CVE-2019-14439 was assigned for this issue.
I don't know. I guess this is downside of my not requesting CVE IDs -- looks like we now have TWO cve ids for same thing. :-/ Will the real CVE-for-logback please stand up?
Hi
On Tue, Jul 30, 2019 at 03:35:23PM -0700, Tatu Saloranta wrote:
> I don't know. I guess this is downside of my not requesting CVE IDs
> -- looks like we now have TWO cve ids for same thing. :-/
Uh okay!
I asked MITRE (via https://cveform.mitre.org/) if they can look up and
reject one of those.
Thank you.
CVE-2019-14361 was rejected. Update the title to prevent confusion?
Done. Will need to try to hunt down refs in other places now.
Avoids CVE-2019-14379 FasterXML/jackson-databind#2387
Avoids CVE-2019-14439 FasterXML/jackson-databind#2389
Signed-off-by: Ben Cox <1038350+ind1go@users.noreply.github.com>
Updated jackson-databind version to 2.9.9.2 which contains fix for:
- [CVE-2019-14379](FasterXML/jackson-databind#2387)
- [CVE-2019-14361 / CVE-2019-14439](FasterXML/jackson-databind#2389)
…nerabilities
FasterXML/jackson-databind#2326: Block class for CVE-2019-12086
FasterXML/jackson-databind#2334: Block class for CVE-2019-12384
FasterXML/jackson-databind#2341: Block class for CVE-2019-12814
FasterXML/jackson-databind#2387: Block class for CVE-2019-14379
FasterXML/jackson-databind#2389: Block class for CVE-2019-14439
Another gadget type report regarding logback/JNDI.
Mitre id: CVE-2019-14439
Reporter: xiexq@knownsec.com (Badcode of Knownsec 404 Team)
Fixed in: