Code Review / music.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: f96ce58) | patch
Jackson Faster-xml vulnerability. 22/95822/1
authorThomas Nelson (arthurdent3) <nelson24@att.com>
Tue, 17 Sep 2019 13:49:58 +0000 (09:49 -0400)
committerThomas Nelson (arthurdent3) <nelson24@att.com>
Tue, 17 Sep 2019 13:52:53 +0000 (09:52 -0400)
commit5a742d9e9dce7c3da9ba193d61f0505e7cc57ec5
tree46f8f560821c1de4082740cdb4bf05b54f0d8a2btree | snapshot
parentf96ce582847ffde86516d131fd3857023b8ae66acommit | diff
Jackson Faster-xml vulnerability.

CVE-2019-14439 Information Disclosure Vulnerability

FasterXML Jackson-databind is prone to an information-disclosure
vulnerability that occurs due to a polymorphic typing issue.
Specifically, this issue occurs when an externally exposed JSON endpoint
has default typing enabled and has logback jar in the classpath.

An attacker can exploit this issue to obtain sensitive information that
may aid in further attacks.

Issue-ID: MUSIC-504
Signed-off-by: Thomas Nelson (arthurdent3) <nelson24@att.com>
Signed-off-by: Thomas Nelson (arthurdent3) <nelson24@att.com>
Change-Id: I2c31986ff2d792d482f84406e96c47dbf652f32f
pom.xml diff | blob | history
version.properties diff | blob | history
This repo contains the code for a multi-site coordination service (MUSIC) and associated recipes that enables efficient, highly available state-management across geo-redundant sites.