公告ID: KYLIN-2019-12384
安全等级: 重要
产品: Kylin V3
发布日期: 2019年6月21日
CVE: CVE-2019-12384
CVSS3评分: 8.1
概述:
Kylin OpenStack's OpenDaylight does not use logback in any supported configuration. Therefore, the prerequisites for this vulnerability are not present and OpenDaylight is not affected. 描述:
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible. 系统版本:
KYLIN 3.4.x
受影响包列表:
pki-deps:10.6/jackson-databind