Vulnerable Libraries - jackson-databind-2.8.11.1.jar, jackson-databind-2.8.4.jar, jackson-databind-2.9.0.jar, jackson-databind-2.7.9.1.jar, jackson-databind-2.5.3.jar, jackson-databind-2.7.8.jar, jackson-databind-2.5.4.jar, jackson-databind-2.6.6.jar, jackson-databind-2.9.4.jar, jackson-databind-2.6.5.jar, jackson-databind-2.8.11.jar, jackson-databind-2.7.5.jar, jackson-databind-2.8.7.jar, jackson-databind-2.7.1.jar, jackson-databind-2.8.3.jar, jackson-databind-2.3.3.jar, jackson-databind-2.6.4.jar, jackson-databind-2.3.2.jar, jackson-databind-2.7.4.jar, jackson-databind-2.8.9.jar, jackson-databind-2.8.5.jar, jackson-databind-2.7.9.3.jar, jackson-databind-2.9.1.jar
jackson-databind-2.8.11.1.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/benchmark-integration/play-perftest/play-perftest.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.11.1/341edc63fdd8b44e17b2c36abbc9b451d8fd05a5/jackson-databind-2.8.11.1.jar
Dependency Hierarchy:
- play_2.12-2.6.20.jar (Root Library)
- ❌ jackson-databind-2.8.11.1.jar (Vulnerable Library)
jackson-databind-2.8.4.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/spring-rabbit/spring-rabbit.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.4/1c36c81e79cacdf48116afba8495e3393d267ba1/jackson-databind-2.8.4.jar
Dependency Hierarchy:
- spring-rabbit-2.0.0.RELEASE.jar (Root Library)
- http-client-1.3.0.RELEASE.jar
- ❌ jackson-databind-2.8.4.jar (Vulnerable Library)
jackson-databind-2.9.0.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/vertx-rx-3.5/vertx-rx-3.5.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.0/14fb5f088cc0b0dc90a73ba745bcade4961a3ee3/jackson-databind-2.9.0.jar
Dependency Hierarchy:
- vertx-rx-java2-3.5.0.jar (Root Library)
- vertx-core-3.5.0.jar
- ❌ jackson-databind-2.9.0.jar (Vulnerable Library)
jackson-databind-2.7.9.1.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/appsec/weblog/weblog-spring-app/weblog-spring-app.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.9.1/85343e40e4f68d4a25226d53736646abaf0ae039/jackson-databind-2.7.9.1.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.9.1/85343e40e4f68d4a25226d53736646abaf0ae039/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
- ❌ jackson-databind-2.7.9.1.jar (Vulnerable Library)
jackson-databind-2.5.3.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/aws-java-sdk-1.11.0/aws-java-sdk-1.11.0.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.5.3/c37875ff66127d93e5f672708cb2dcc14c8232ab/jackson-databind-2.5.3.jar
Dependency Hierarchy:
- aws-java-sdk-sqs-1.11.0.jar (Root Library)
- aws-java-sdk-core-1.11.0.jar
- ❌ jackson-databind-2.5.3.jar (Vulnerable Library)
jackson-databind-2.7.8.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-smoke-tests/play-2.5/play-2.5.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.8/9bc551426f1e19b4e2d87bb4bb2e19f8ecf8d578/jackson-databind-2.7.8.jar
Dependency Hierarchy:
- play_2.11-2.5.19.jar (Root Library)
- ❌ jackson-databind-2.7.8.jar (Vulnerable Library)
jackson-databind-2.5.4.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-smoke-tests/play-2.4/play-2.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.5.4/5dfa42af84584b4a862ea488da84bbbebbb06c35/jackson-databind-2.5.4.jar
Dependency Hierarchy:
- play_2.11-2.4.11.jar (Root Library)
- ❌ jackson-databind-2.5.4.jar (Vulnerable Library)
jackson-databind-2.6.6.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/aws-java-sqs-1.0/aws-java-sqs-1.0.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.6.6/5108dde6049374ba980b360e1ecff49847baba4a/jackson-databind-2.6.6.jar
Dependency Hierarchy:
- aws-java-sdk-kinesis-1.11.106.jar (Root Library)
- jmespath-java-1.11.106.jar
- ❌ jackson-databind-2.6.6.jar (Vulnerable Library)
jackson-databind-2.9.4.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/spring-webflux-5/spring-webflux-5.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.4/498bbc3b94f566982c7f7c6d4d303fce365529be/jackson-databind-2.9.4.jar
Dependency Hierarchy:
- spring-boot-starter-webflux-2.0.0.RELEASE.jar (Root Library)
- spring-boot-starter-json-2.0.0.RELEASE.jar
- ❌ jackson-databind-2.9.4.jar (Vulnerable Library)
jackson-databind-2.6.5.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-2/transport-2.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.6.5/d50be1723a09befd903887099ff2014ea9020333/jackson-databind-2.6.5.jar
Dependency Hierarchy:
- spring-data-elasticsearch-2.0.0.RELEASE.jar (Root Library)
- ❌ jackson-databind-2.6.5.jar (Vulnerable Library)
jackson-databind-2.8.11.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/akka-http-10.0/akka-http-10.0.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.11/569a9f220273024523799dba9dd358121b0ee09/jackson-databind-2.8.11.jar
Dependency Hierarchy:
- lagom-javadsl-testkit_2.11-1.4.0.jar (Root Library)
- lagom-persistence-core_2.11-1.4.0.jar
- play_2.11-2.6.11.jar
- ❌ jackson-databind-2.8.11.jar (Vulnerable Library)
jackson-databind-2.7.5.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/spring-cloud-zuul-2/spring-cloud-zuul-2.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.5/ca7084021d9f213003eafe2583d1783d3d6a3685/jackson-databind-2.7.5.jar
Dependency Hierarchy:
- zuul-core-1.3.1.jar (Root Library)
- archaius-core-0.7.6.jar
- ❌ jackson-databind-2.7.5.jar (Vulnerable Library)
jackson-databind-2.8.7.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/twilio/twilio.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.7/6c3257ef458ac58a8da69a6dca3d2a15286d88c8/jackson-databind-2.8.7.jar
Dependency Hierarchy:
- twilio-0.0.1.jar (Root Library)
- ❌ jackson-databind-2.8.7.jar (Vulnerable Library)
jackson-databind-2.7.1.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/play-2.4/play-2.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.1/14d88822bca655de7aa6ed3e4c498d115505710a/jackson-databind-2.7.1.jar
Dependency Hierarchy:
- play-java_2.11-2.5.0.jar (Root Library)
- play_2.11-2.5.0.jar
- ❌ jackson-databind-2.7.1.jar (Vulnerable Library)
jackson-databind-2.8.3.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-smoke-tests/log-injection/log-injection.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.3/cea3788c72271d45676ce32c0665991674b24cc5/jackson-databind-2.8.3.jar
Dependency Hierarchy:
- ❌ jackson-databind-2.8.3.jar (Vulnerable Library)
jackson-databind-2.3.3.jar
General data-binding functionality for Jackson: works on core streaming API
Path to dependency file: /dd-java-agent/instrumentation/jax-rs-annotations-1/jax-rs-annotations-1.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.3.3/63b77400b5f1cf83a81823562c48d3120ef5518e/jackson-databind-2.3.3.jar
Dependency Hierarchy:
- dropwizard-testing-0.7.1.jar (Root Library)
- dropwizard-core-0.7.1.jar
- dropwizard-jackson-0.7.1.jar
- ❌ jackson-databind-2.3.3.jar (Vulnerable Library)
jackson-databind-2.6.4.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/couchbase-2.0/couchbase-2.0.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.6.4/f2abadd10891512268b16a1a1a6f81890f3e2976/jackson-databind-2.6.4.jar
Dependency Hierarchy:
- spring-data-couchbase-2.0.0.RELEASE.jar (Root Library)
- ❌ jackson-databind-2.6.4.jar (Vulnerable Library)
jackson-databind-2.3.2.jar
General data-binding functionality for Jackson: works on core streaming API
Path to dependency file: /dd-java-agent/instrumentation/dropwizard/dropwizard-views/dropwizard-views.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.3.2/c75edc740a6d8cb1cef6fa82fa594e0bce561916/jackson-databind-2.3.2.jar
Dependency Hierarchy:
- play-java-ws_2.11-2.3.10.jar (Root Library)
- play_2.11-2.3.10.jar
- ❌ jackson-databind-2.3.2.jar (Vulnerable Library)
jackson-databind-2.7.4.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/vertx-web-3.4/vertx-web-3.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.4/1e9c6f3659644aeac84872c3b62d8e363bf4c96d/jackson-databind-2.7.4.jar
Dependency Hierarchy:
- vertx-web-3.4.0.jar (Root Library)
- vertx-core-3.4.0.jar
- ❌ jackson-databind-2.7.4.jar (Vulnerable Library)
jackson-databind-2.8.9.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/play-2.6/play-2.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.9/4dfca3975be3c1a98eacb829e70f02e9a71bc159/jackson-databind-2.8.9.jar
Dependency Hierarchy:
- play_2.11-2.6.0.jar (Root Library)
- ❌ jackson-databind-2.8.9.jar (Vulnerable Library)
jackson-databind-2.8.5.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/kafka-streams-0.11/kafka-streams-0.11.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.8.5/b3035f37e674c04dafe36a660c3815cc59f764e2/jackson-databind-2.8.5.jar
Dependency Hierarchy:
- kafka-streams-0.11.0.0.jar (Root Library)
- connect-json-0.11.0.0.jar
- ❌ jackson-databind-2.8.5.jar (Vulnerable Library)
jackson-databind-2.7.9.3.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/datastax-cassandra-3/datastax-cassandra-3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.7.9.3/fc6d8373d2f5a012473c764c3556704be6da15e/jackson-databind-2.7.9.3.jar
Dependency Hierarchy:
- cassandra-driver-core-3.11.0.jar (Root Library)
- ❌ jackson-databind-2.7.9.3.jar (Vulnerable Library)
jackson-databind-2.9.1.jar
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /dd-java-agent/instrumentation/elasticsearch/transport-5.3/transport-5.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.9.1/716da1830a2043f18882fc036ec26eb32cbe5aff/jackson-databind-2.9.1.jar
Dependency Hierarchy:
- spring-data-elasticsearch-3.0.0.RELEASE.jar (Root Library)
- ❌ jackson-databind-2.9.1.jar (Vulnerable Library)
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
Release Date: 2019-03-17
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.2
Direct dependency fix Resolution (com.typesafe.play:play_2.12): 2.6.21
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.2
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.2.RELEASE
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.9.6
Direct dependency fix Resolution (io.vertx:vertx-rx-java2): 3.5.4
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3
Direct dependency fix Resolution (com.amazonaws:aws-java-sdk-sqs): 1.11.660
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.7.9.4
Direct dependency fix Resolution (com.typesafe.play:play_2.11): 2.6.0
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3
Direct dependency fix Resolution (com.typesafe.play:play_2.11): 2.5.0
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3
Direct dependency fix Resolution (com.amazonaws:aws-java-sdk-kinesis): 1.11.660
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.9.6
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-webflux): 2.0.3.RELEASE
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3
Direct dependency fix Resolution (org.springframework.data:spring-data-elasticsearch): 2.1.0.RELEASE
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.2
Direct dependency fix Resolution (com.lightbend.lagom:lagom-javadsl-testkit_2.11): 1.5.0
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.7.9.4
Direct dependency fix Resolution (com.netflix.zuul:zuul-core): 2.1.1
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.2
Direct dependency fix Resolution (com.twilio.sdk:twilio): 7.0.0
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.7.9.4
Direct dependency fix Resolution (com.typesafe.play:play-java_2.11): 2.6.0
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3
Direct dependency fix Resolution (io.dropwizard:dropwizard-testing): 1.3.0
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3
Direct dependency fix Resolution (org.springframework.data:spring-data-couchbase): 2.2.0.RELEASE
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.6.7.3
Direct dependency fix Resolution (com.typesafe.play:play-java-ws_2.11): 2.5.0
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.7.9.4
Direct dependency fix Resolution (io.vertx:vertx-web): 3.5.0
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.2
Direct dependency fix Resolution (com.typesafe.play:play_2.11): 2.7.0
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.2
Direct dependency fix Resolution (org.apache.kafka:kafka-streams): 0.11.0.3
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.7.9.4
Direct dependency fix Resolution (com.datastax.cassandra:cassandra-driver-core): 3.11.2
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.9.6
Direct dependency fix Resolution (org.springframework.data:spring-data-elasticsearch): 3.0.8.RELEASE
CVE-2018-12022 - High Severity Vulnerability
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
Publish Date: 2019-03-21
URL: CVE-2018-12022
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
⛑️ Automatic Remediation is available for this issue