Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jboss EAP Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability - CVE-2019-14379 - Vulnerability Database
Jboss EAP

Jboss EAP Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability - CVE-2019-14379

Critical
Reference: CVE-2019-14379
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-14379
Title: Jboss EAP Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
Overview:

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup) leading to remote code execution.