Cloud Foundry Logo
blog single gear
Blog
Security Advisory

Various CVEs: UAA consumes vulnerable versions of FasterXML jackson-databind

by: November 13, 2019

Severity

Critical

Vendor

Cloud Foundry Foundation

Description

Cloud Foundry UAA, versions prior to 74.7.0, contain a dependency on a vulnerable version of FasterXML jackson-databind. These issues have the CVEs CVE-2019-17531, CVE-2019-14379, CVE-2019-16942, CVE-2019-14540, CVE-2019-17267, CVE-2019-16335, and CVE-2019-16943.

Affected Cloud Foundry Products and Versions

  • CF Deployment
    • All versions prior to v12.7.0
  • UAA
    • All versions prior to v74.7.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • CF Deployment
    • Upgrade All versions to v12.6.0 or greater
  • UAA
    • Upgrade All versions to v74.6.0 or greater

History

2019-11-06: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-3899-1: OpenSSL vulnerability
Security Advisory

USN-3899-1: OpenSSL vulnerability

by Cloud Foundry Foundation Security Team March 21, 2019
USN-6664-1: less vulnerability
Security Advisory

USN-6664-1: less vulnerability

by Cloud Foundry Foundation Security Team April 4, 2024
CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities
Security Advisory

CVE-2016-0800 & CVE-2016-0703 OpenSSL vulnerabilities

by Cloud Foundry Foundation Security Team March 2, 2016
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept