CVE-2018-19361 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-19361 Interim 1 19 2023-06-13T00:40:17Z current 2021-05-30T14:18:41Z 2023-06-13T00:40:17Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-19361 FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 openSUSE Tumbleweed jackson-databind-2.10.2-1.74 jackson-databind-2.10.5.1-2.2 jackson-databind-2.10.5.1-3.3.2 jackson-databind-2.10.5.1-3.5.1 jackson-databind-2.13.4.2-150200.3.12.1 jackson-databind-javadoc-2.10.5.1-2.2 jackson-databind-2.10.5.1-3.5.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP4 jackson-databind-2.13.4.2-150200.3.12.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 jackson-databind-2.10.2-1.74 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jackson-databind-2.10.5.1-3.3.2 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 jackson-databind-2.10.5.1-2.2 as a component of openSUSE Tumbleweed jackson-databind-javadoc-2.10.5.1-2.2 as a component of openSUSE Tumbleweed FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. CVE-2018-19361 SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.10.5.1-3.5.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:jackson-databind-2.13.4.2-150200.3.12.1 SUSE Linux Enterprise Module for Development Tools 15 SP2:jackson-databind-2.10.2-1.74 SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.10.5.1-3.3.2 openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2 openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H