vulnerability

Red Hat OpenShift: CVE-2018-19360: jackson-databind: improper polymorphic deserialization in axis2-transport-jms class

Name: Red Hat OpenShift: CVE-2018-19360: jackson-databind: improper polymorphic deserialization in axis2-transport-jms class
Creator: Red Hat
Published: 2019-01-02T00:00:00.000Z
Keywords: CVE, CWE-502, Red Hat OpenShift, 2018, 19360, jackson, linuxrpm-upgrade-logging, Severity 8

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Jan 2, 2019

Added

Oct 8, 2019

Modified

Mar 30, 2026

Description

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

Solution

linuxrpm-upgrade-logging

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report