https://bugzilla.redhat.com/show_bug.cgi?id=1775293
Tomas Hoger thoger@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|CVE-2019-17531 |CVE-2019-17531 |jackson-databind: |jackson-databind: |polymorphic typing issue |Serialization gadgets in |when enabling default |org.apache.log4j.receivers. |typing for an externally |db.* |exposed JSON endpoint and | |having apache-log4j-extra | |in the classpath leads to | |code execution |