Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/eap7-jackson-modules-java8@2.9.9-1.redhat_00001.1?arch=el6eap
purl pkg:rpm/redhat/eap7-jackson-modules-java8@2.9.9-1.redhat_00001.1?arch=el6eap
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-4kdg-asyc-rbdx
Aliases:
CVE-2019-10184
GHSA-w69w-jvc7-wjgv
Undertow Missing Authorization when requesting a protected directory without trailing slash undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api. There are no reported fixed by versions.
VCID-56sb-829v-6qbz
Aliases:
CVE-2019-12814
GHSA-cmfg-87vq-g5g4
Information Disclosure A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server. There are no reported fixed by versions.
VCID-9wej-f7zx-pfeq
Aliases:
CVE-2019-12086
GHSA-5ww9-j83m-q7qx
Information exposure in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. There are no reported fixed by versions.
VCID-scjb-1mwk-rfdd
Aliases:
CVE-2019-10212
GHSA-8vh8-vc28-m2hf
Potential to access user credentials from the log files when debug logging enabled A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. There are no reported fixed by versions.
VCID-wg36-q48g-mkds
Aliases:
CVE-2019-14379
GHSA-6fpp-rgj9-8rwc
Deserialization of untrusted data in FasterXML jackson-databind SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2, 2.8.11.4, and 2.7.9.6 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. There are no reported fixed by versions.
VCID-ygs8-4gxq-kygq
Aliases:
CVE-2019-12384
GHSA-mph4-vhrx-mv67
Deserialization of Untrusted Data in FasterXML jackson-databind FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:19:35.023981+00:00 RedHat Importer Affected by VCID-9wej-f7zx-pfeq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12086.json 38.0.0
2026-04-01T14:19:04.949150+00:00 RedHat Importer Affected by VCID-56sb-829v-6qbz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12814.json 38.0.0
2026-04-01T14:18:37.062451+00:00 RedHat Importer Affected by VCID-ygs8-4gxq-kygq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12384.json 38.0.0
2026-04-01T14:18:10.163734+00:00 RedHat Importer Affected by VCID-wg36-q48g-mkds https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14379.json 38.0.0
2026-04-01T14:18:06.380696+00:00 RedHat Importer Affected by VCID-4kdg-asyc-rbdx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10184.json 38.0.0
2026-04-01T14:15:56.726602+00:00 RedHat Importer Affected by VCID-scjb-1mwk-rfdd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json 38.0.0