diff options
author | Thomas Nelson (arthurdent3) <nelson24@att.com> | 2019-09-17 09:49:58 -0400 |
---|---|---|
committer | Thomas Nelson (arthurdent3) <nelson24@att.com> | 2019-09-17 09:52:53 -0400 |
commit | 5a742d9e9dce7c3da9ba193d61f0505e7cc57ec5 (patch) | |
tree | 46f8f560821c1de4082740cdb4bf05b54f0d8a2b /src/test/java/org/onap | |
parent | f96ce582847ffde86516d131fd3857023b8ae66a (diff) |
Jackson Faster-xml vulnerability.
CVE-2019-14439 Information Disclosure Vulnerability
FasterXML Jackson-databind is prone to an information-disclosure
vulnerability that occurs due to a polymorphic typing issue.
Specifically, this issue occurs when an externally exposed JSON endpoint
has default typing enabled and has logback jar in the classpath.
An attacker can exploit this issue to obtain sensitive information that
may aid in further attacks.
Issue-ID: MUSIC-504
Signed-off-by: Thomas Nelson (arthurdent3) <nelson24@att.com>
Signed-off-by: Thomas Nelson (arthurdent3) <nelson24@att.com>
Change-Id: I2c31986ff2d792d482f84406e96c47dbf652f32f
Diffstat (limited to 'src/test/java/org/onap')
0 files changed, 0 insertions, 0 deletions