VIR Vulnerability Intelligence Relay

CVE-2019-12384

high
Published 2019-07-05 · Modified 2019-09-10
CVSS v3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2
VIR risk
8.0

Description

Important: pki-deps:10.6 security update

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2019-2720.html

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2019:2720

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2019-12384

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed2.9.8-3
debian debianbullseyefixed2.9.8-3
debian debianforkyfixed2.9.8-3
debian debiansidfixed2.9.8-3
debian debiantrixiefixed2.9.8-3
rockylinux rocky8fixed

Package impact
EcosystemPackageVulnerableFixed
java Mavencom.fasterxml.jackson.core:jackson-databind>=2.9.0,<2.9.9.12.9.9.1
java Mavencom.fasterxml.jackson.core:jackson-databind>=2.8.0,<2.8.11.42.8.11.4
java Mavencom.fasterxml.jackson.core:jackson-databind>=2.7.0,<2.7.9.62.7.9.6
java Mavencom.fasterxml.jackson.core:jackson-databind>=2.0.0,<2.6.7.32.6.7.3

References

Verify integrity in audit chain (admin only). AS-IS.