Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/eap7-jackson-modules-base@2.9.10-2.redhat_00003.1?arch=el6eap
purl pkg:rpm/redhat/eap7-jackson-modules-base@2.9.10-2.redhat_00003.1?arch=el6eap
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (12)
Vulnerability Summary Fixed by
VCID-16af-yv1z-xufy
Aliases:
CVE-2019-17531
GHSA-gjmw-vf9h-g25v
jackson-databind polymorphic typing issue A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. There are no reported fixed by versions.
VCID-8tmq-zbmb-m7h4
Aliases:
CVE-2019-16943
GHSA-fmmc-742q-jg75
jackson-databind polymorphic typing issue A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. There are no reported fixed by versions.
VCID-avut-gmwd-jqfp
Aliases:
CVE-2019-16942
GHSA-mx7p-6679-8g3q
Polymorphic Typing in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. There are no reported fixed by versions.
VCID-bypv-wfhs-sbe4
Aliases:
CVE-2019-14540
GHSA-h822-r4r5-v8jg
Polymorphic Typing issue in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to `com.zaxxer.hikari.HikariConfig`. There are no reported fixed by versions.
VCID-d4z1-hdkt-r7g1
Aliases:
CVE-2019-10219
GHSA-m8p2-495h-ccmh
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. There are no reported fixed by versions.
VCID-jx9y-fyfm-bqdr
Aliases:
CVE-2019-16335
GHSA-85cw-hj65-qqv9
Polymorphic Typing issue in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. There are no reported fixed by versions.
VCID-mba8-bg91-77ak
Aliases:
CVE-2019-16869
GHSA-p979-4mfw-53vg
HTTP Request Smuggling in Netty Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. There are no reported fixed by versions.
VCID-p9y4-yce4-zqbk
Aliases:
CVE-2019-14888
GHSA-vjxc-frw4-jmh5
Undertow vulnerable to Uncontrolled Resource Consumption A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. There are no reported fixed by versions.
VCID-svkb-adja-qfef
Aliases:
CVE-2019-17267
GHSA-f3j5-rmmp-3fc5
Improper Input Validation in jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10 and 2.8.11.5. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. There are no reported fixed by versions.
VCID-tm7y-tnx3-43dq
Aliases:
CVE-2019-14893
GHSA-qmqc-x3r4-6v39
Polymorphic deserialization of malicious object in jackson-databind A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code. There are no reported fixed by versions.
VCID-x8c2-2u1w-yyfn
Aliases:
CVE-2019-14892
GHSA-cf6r-3wgc-h863
Polymorphic deserialization of malicious object in jackson-databind A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5, and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. There are no reported fixed by versions.
VCID-yrd5-ev3p-xyg1
Aliases:
CVE-2019-14885
EAP: Vault system property security attribute value is revealed on CLI 'reload' command There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:16:52.248953+00:00 RedHat Importer Affected by VCID-d4z1-hdkt-r7g1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10219.json 38.0.0
2026-04-01T14:16:25.633678+00:00 RedHat Importer Affected by VCID-bypv-wfhs-sbe4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14540.json 38.0.0
2026-04-01T14:16:23.323534+00:00 RedHat Importer Affected by VCID-jx9y-fyfm-bqdr https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16335.json 38.0.0
2026-04-01T14:16:20.712023+00:00 RedHat Importer Affected by VCID-svkb-adja-qfef https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17267.json 38.0.0
2026-04-01T14:16:12.654400+00:00 RedHat Importer Affected by VCID-x8c2-2u1w-yyfn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14892.json 38.0.0
2026-04-01T14:16:10.160666+00:00 RedHat Importer Affected by VCID-tm7y-tnx3-43dq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14893.json 38.0.0
2026-04-01T14:16:06.344166+00:00 RedHat Importer Affected by VCID-mba8-bg91-77ak https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16869.json 38.0.0
2026-04-01T14:16:03.688439+00:00 RedHat Importer Affected by VCID-8tmq-zbmb-m7h4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16943.json 38.0.0
2026-04-01T14:16:01.267031+00:00 RedHat Importer Affected by VCID-avut-gmwd-jqfp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16942.json 38.0.0
2026-04-01T14:15:49.548528+00:00 RedHat Importer Affected by VCID-16af-yv1z-xufy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17531.json 38.0.0
2026-04-01T14:13:58.220190+00:00 RedHat Importer Affected by VCID-yrd5-ev3p-xyg1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14885.json 38.0.0
2026-04-01T14:13:54.754943+00:00 RedHat Importer Affected by VCID-p9y4-yce4-zqbk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json 38.0.0