rpms / rh-maven35-jackson-databind

Clone
Source Code
GIT

Files

  1.   6a8cc2a428154e9870ab9b8af584ee6ec3ea9cff
  2.   SOURCES
  3.   CVE-2018-19362.patch
Blob Blame History Raw 
From db7d2b4818b67564cf20b0478d1416655d255528 Mon Sep 17 00:00:00 2001
From: Mikolaj Izdebski <mizdebsk@redhat.com>
Date: Tue, 2 Apr 2019 14:00:12 +0200
Subject: [PATCH 14/14] CVE-2018-19362

---
 .../jackson/databind/jsontype/impl/SubTypeValidator.java        | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index 8b3319b54..3c288e605 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -70,6 +70,8 @@ public class SubTypeValidator
         // CVE-2018-19361
         s.add("org.apache.openjpa.ee.RegistryManagedRuntime");
         s.add("org.apache.openjpa.ee.JNDIManagedRuntime");
+        // CVE-2018-19362
+        s.add("org.jboss.util.propertyeditor.DocumentEditor");
         DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
     }
 
-- 
2.20.1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation