UBUNTU-CVE-2019-14439
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 30 Jul 2019, 11:15
Last modified:04 Feb 2026, 03:59
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
30 Jul 2019, 11:15
Published
Vulnerability first disclosed
04 Feb 2026, 03:59
Last Modified
Vulnerability information updated
Description
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Systems
- ubuntu•jackson-databind
all | < 2.4.2-3ubuntu0.1~esm2 | all
References (6)
- https://ubuntu.com/security/CVE-2019-14439
- https://github.com/FasterXML/jackson-databind/issues/2389
- https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
- https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2
- https://ubuntu.com/security/notices/USN-4813-1
- https://www.cve.org/CVERecord?id=CVE-2019-14439