Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block one more gadget type (ehcache, CVE-2019-17267) #2460

Closed
lufeirider opened this issue Sep 17, 2019 · 3 comments
Closed

Block one more gadget type (ehcache, CVE-2019-17267) #2460

lufeirider opened this issue Sep 17, 2019 · 3 comments
Labels
CVE Issues related to public CVEs (security vuln reports)
Milestone
2.9.10

Comments

@lufeirider
Copy link

lufeirider commented Sep 17, 2019
edited by cowtowncoder
Loading

Another gadget (*) type report regarding a class of ehcache package (follow up for #2387)

Mitre id: CVE-2019-17267
Reporter: lufeirider

Fix included in:

  • 2.9.10
  • 2.8.11.5
  • does not affect 2.10.0 and later

(*) See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for more on general problem type
@cowtowncoder
Copy link
Member

Thank you -- email received, will track progress with this issue. Will update description and title appropriately with more information.

@cowtowncoder cowtowncoder added ACTIVE CVE Issues related to public CVEs (security vuln reports) labels Sep 17, 2019
@cowtowncoder cowtowncoder changed the title May be a new default typing gadget Block one more gadget type (ehcache, CVE to be allocated) Sep 17, 2019
@cowtowncoder cowtowncoder modified the milestones: 2.9,0.pr4, 2.9.10 Sep 20, 2019
@abergmann
Copy link

CVE-2019-17267 was assigned to this issue.

@cowtowncoder cowtowncoder changed the title Block one more gadget type (ehcache, CVE to be allocated) Block one more gadget type (ehcache, CVE-2019-17267) Oct 7, 2019
@cowtowncoder
Copy link
Member

@abergmann thanks!

ablekhman added a commit to atlassian/jackson-1 that referenced this issue Oct 23, 2019
@ablekhman
Block one more gadget type (ehcache, CVE-2019-17267)
fd5fc28 
Merged from FasterXML/jackson-databind#2460
@UltramanGaia UltramanGaia mentioned this issue Oct 24, 2019
Closed
This was referenced May 28, 2020
Closed
Open
Closed
Open
Closed
@mend-bolt-for-github mend-bolt-for-github bot mentioned this issue Jun 14, 2020
Open
This was referenced Jun 18, 2020
Open
Open
This was referenced Jun 25, 2020
Closed
Open
This was referenced Jul 2, 2020
Open
Closed
This was referenced Jul 8, 2020
Open
Open
@mend-for-github-com mend-for-github-com bot mentioned this issue Feb 27, 2022
Closed
@mend-bolt-for-github mend-bolt-for-github bot mentioned this issue Mar 1, 2022
Open
@mend-for-github-com mend-for-github-com bot mentioned this issue Mar 1, 2022
Closed
This was referenced Mar 11, 2022
Closed
Closed
This was referenced Mar 12, 2022
Closed
Closed
@mend-bolt-for-github mend-bolt-for-github bot mentioned this issue Mar 14, 2022
Open
This was referenced Mar 14, 2022
Closed
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this issue Mar 22, 2022
Open
This was referenced Mar 31, 2022
Closed
Open
This was referenced May 10, 2022
Open
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this issue May 31, 2022
Closed
This was referenced May 31, 2022
Closed
Closed
Closed
Closed
@scott-cx scott-cx mentioned this issue Aug 1, 2022
Open
@cxronen cxronen mentioned this issue Sep 20, 2022
Open
@margaritalm margaritalm mentioned this issue Dec 25, 2022
Open
This was referenced Feb 15, 2023
Open
Closed
@cxronen cxronen mentioned this issue May 25, 2023
Open
@cxronen cxronen mentioned this issue May 25, 2023
Open
@joshn-whitesource-app joshn-whitesource-app bot mentioned this issue Dec 27, 2023
Open
@copper-mend-app copper-mend-app bot mentioned this issue May 23, 2024
Open
@stschott stschott mentioned this issue Sep 23, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CVE Issues related to public CVEs (security vuln reports)
Projects
None yet
Milestone
2.9.10
Development

No branches or pull requests
3 participants
@cowtowncoder @abergmann @lufeirider