Oracle Database 19c Client (19.3) has jackson-databind vulnerabilities
Hey
Im using Oracle Database 19c Client (19.3) (which is the latest from the website) on windows and on linux, but seems to contain jackson-databind vulnerabilties
Ie this download
Specifically this file:
/oracle/product/19.0.0/client_1/OPatch/auto/core/modules/legacyoui/jackson-databind-2.9.5.jar -> META-INF/maven/com.fasterxml.jackson.core/jackson-databind
CVES:
- CVE-2018-11307 - Deserialization vulnerability in jackson-databind 2.7.0 to 2.9.5
- CVE-2018-14718 - Polymorphic deserialization vulnerability in jackson-databind before 2.9.7
- CVE-2018-14719 - Polymorphic deserialization vulnerability in jackson-databind before 2.9.7
- CVE-2018-14720 - Polymorphic deserialization vulnerability in jackson-databind before 2.9.7
- CVE-2018-19360 - Deserialization vulnerability in jackson-databind before 2.9.8
- CVE-2018-19362 - Deserialization vulnerability in jackson-databind before 2.9.8
0