CDH6.3.1集群修复Jackson-databind远程代码执行漏洞 CVE-2019-12384

最新推荐文章于 2024-05-03 22:30:16 发布
最新推荐文章于 2024-05-03 22:30:16 发布
阅读量2k 收藏 8
点赞数 3
分类专栏: Linux系统 文章标签: 安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/lhmood/article/details/107528143
版权

系统环境

CentOS 7.7.1908
CDH 6.3.1
Jackson-databind 2.9.8/2.9.9/2.9.9.3

漏洞描述

【CVE】
CVE-2019-12384
【漏洞描述】
由于Jackson黑名单过滤不完整而导致,当开发人员在应用程序中通过ObjectMapper对象调用enableDefaultTyping方法时,程序就会受到此漏洞的影响,攻击者就可利用构造的包含有恶意代码的json数据包对应用进行攻击,直接获取服务器控制权限。
【受影响版本】
Jackson-databind < 2.6.7.3 ,2.7.0 - 2.7.9.5 , 2.8.0 - 2.8.11.3 , 2.9.0 - 2.9.9.3
【升级建议】
1.该漏洞,漏洞修复后需要服务重启,建议业务不繁忙时修复。
下载更新:https://github.com/FasterXML/jackson-databind/releases
2.请参考Maven中的升级方法升级到 2.6.7.3、2.7.9.6、2.8.11.4、2.9.10及以上最新版本修复该漏洞。

修复过程

  1. 使用find命令查找系统Jackson-databind包
    find / -name “jackson-databind*”
  2. 编写修复脚本,由于jackson-databind关联的包比较多,为防止依赖风险,需要将其他jackson包都升级至2.9.10,jackson-databind升级至2.9.10.3, 具体脚本如下所示:
#!/bin/bash
########################################
#    upgrade jackson-databind version  #
#    write by BertramLAU               #
#    v1.0                              #
########################################

#define package versions
OLD_VERSION="2.9.8"
NEW_MAIN_VERSION="2.9.10"
NEW_MINUS_VERSION="2.9.10.3"
MAIN_PACKAGE="jackson"


CDH_COMMON_JARS_PATH="/opt/cloudera/cm/common_jars"
CLOUDERA_NAVIGATOR_SERVER_CDH5_JARS_PATH="/opt/cloudera/cm/cloudera-navigator-server/libs/cdh5"
CLOUDERA_NAVIGATOR_SERVER_CDH6_JARS_PATH="/opt/cloudera/cm/cloudera-navigator-server/libs/cdh6"
CLOUDERA_NAVIGATOR_SERVER_JARS_PATH="/opt/cloudera/cm/cloudera-navigator-server/jars"
CLOUDERA_SCM_TELEPUB_JARS_PATH="/opt/cloudera/cm/cloudera-scm-telepub/jars"
CLOUDERA_NAVIGATOR_AUDIT_SERVER_JARS_PATH="/opt/cloudera/cm/cloudera-navigator-audit-server"
CDH_LIB_PATH="/opt/cloudera/cm/lib"
CDH_JARS_PATH="/opt/cloudera/parcels/CDH-6.3.1-1.cdh6.3.1.p0.1470567/jars"

CDH_ROOT_LIB_PATH="/opt/cloudera/parcels/CDH-6.3.1-1.cdh6.3.1.p0.1470567/lib"
CDH_FLINK_ROOT_LIB_PATH="/opt/cloudera/parcels/FLINK-1.9.0-csa1.0.0.0-cdh6.3.0/lib"
FLINK_LIB_PATH="flink/lib"


HBASE_SOLR_PATH="hbase-solr/lib"
KITE_LIB_PATH="kite/lib"
SENTRY_LIB_PATH="sentry/lib"
OOZIE_LIBTOOLS_PATH="oozie/libtools"
OOZIE_EMBEDDED_OOZIE_SERVER_PATH="oozie/embedded-oozie-server/webapp/WEB-INF/lib"
OOZIE_SHARELIB_YARN_HIVE_PATH="oozie/oozie-sharelib-yarn/lib/hive"
OOZIE_SHARELIB_YARN_SPARK_PATH="oozie/oozie-sharelib-yarn/lib/spark"
OOZIE_SHARELIB_YARN_SQOOP_PATH="oozie/oozie-sharelib-yarn/lib/sqoop"
OOZIE_SHARELIB_YARN_PIG_PATH="oozie/oozie-sharelib-yarn/lib/pig"
OOZIE_SHARELIB_YARN_HIVE2_PATH="oozie/oozie-sharelib-yarn/lib/hive2"
OOZIE_SHARELIB_YARN_HCATALOG_PATH="oozie/oozie-sharelib-yarn/lib/hcatalog"
OOZIE_SHARELIB_YARN_GIT_PATH="oozie/oozie-sharelib-yarn/lib/git"

OOZIE_LIB_PATH="oozie/lib"
SEARCH_LIB_SEARCH_CRUNCH_PATH="search/lib/search-crunch"
SEARCH_LIB_PATH="search/lib"

HIVE_LIB_PATH="hive/lib"
SOLR_SERVER_LIB_EXT_PATH="solr/server/lib/ext"
SOLR_SERVER_WEBAPP_PATH="solr/server/solr-webapp/webapp/WEB-INF/lib"
FLUME_NG_LIB_PATH="flume-ng/lib"
KAFKA_LIBS_PATH="kafka/libs"
SPARK_JARS_PATH="spark/jars"
SQOOP_LIB_PATH="sqoop/lib"
PIG_LIB_PATH="pig/lib"
PIG_LIB_SPARK_PATH="pig/lib/spark"
IMPALA_LIB_PATH="impala/lib"
HBASE_LIB_PATH="hbase/lib"
HADOOP_YARN_LIB_PATH="hadoop-yarn/lib"
HADOOP_HDFS_LIB_PATH="hadoop-hdfs/lib"
HADOOP_CLIENT_PATH="hadoop/client"
HADOOP_LIB_PATH="hadoop/lib"
PARQUET_LIB_PATH="parquet/lib"

#define the old version paths 
#for 2.9.8
TARGET_PATHS=(
    $CLOUDERA_NAVIGATOR_SERVER_CDH5_JARS_PATH
    $CLOUDERA_NAVIGATOR_SERVER_CDH6_JARS_PATH
    $CLOUDERA_NAVIGATOR_SERVER_JARS_PATH
    $CLOUDERA_SCM_TELEPUB_JARS_PATH
    $CLOUDERA_NAVIGATOR_AUDIT_SERVER_JARS_PATH
    $CDH_LIB_PATH
)

#for 2.9.9
NEW_TARGET_PATHS=(
    "$CDH_ROOT_LIB_PATH/$HBASE_SOLR_PATH"
    "$CDH_ROOT_LIB_PATH/$KITE_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$SENTRY_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$HADOOP_YARN_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$HADOOP_HDFS_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$HADOOP_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$HADOOP_CLIENT_PATH"
    "$CDH_ROOT_LIB_PATH/$PARQUET_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_LIBTOOLS_PATH" 
    "$CDH_ROOT_LIB_PATH/$OOZIE_EMBEDDED_OOZIE_SERVER_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_HIVE_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_SPARK_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_SQOOP_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_PIG_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_HIVE2_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_HCATALOG_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_GIT_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$SEARCH_LIB_SEARCH_CRUNCH_PATH"
    "$CDH_ROOT_LIB_PATH/$SEARCH_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$HIVE_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$IMPALA_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$SOLR_SERVER_LIB_EXT_PATH"
    "$CDH_ROOT_LIB_PATH/$SOLR_SERVER_WEBAPP_PATH"
    "$CDH_ROOT_LIB_PATH/$FLUME_NG_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$KAFKA_LIBS_PATH"
    "$CDH_ROOT_LIB_PATH/$SPARK_JARS_PATH"
    "$CDH_ROOT_LIB_PATH/$PIG_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$PIG_LIB_SPARK_PATH"
    "$CDH_ROOT_LIB_PATH/$SQOOP_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$HBASE_LIB_PATH"
    "$CDH_FLINK_ROOT_LIB_PATH/$FLINK_LIB_PATH"
)

declare -A PACKAGE_SUBPATH_DICT
declare -A PACKAGE_VERSION_DICT
PACKAGE_SUBPATH_DICT=([jackson-dataformat-csv]="dataformat" [jackson-dataformat-xml]="dataformat" [jackson-dataformat-yaml]="dataformat" [jackson-module-jsonSchema]="module" [jackson-dataformat-cbor]="dataformat" [jackson-dataformat-smile]="dataformat" [jackson-datatype-joda]="datatype" [jackson-datatype-jdk8]="datatype" [jackson-jaxrs-base]="jaxrs" [jackson-annotations]="core" [jackson-jaxrs-json-provider]="jaxrs" [jackson-core]="core" [jackson-module-jaxb-annotations]="module" [jackson-module-mrbean]="module" [jackson-module-paranamer]="module" [jackson-module-scala_2.11]="module" [jackson-databind]="core")

PACKAGE_VERSION_DICT=([jackson-dataformat-csv]=$NEW_MAIN_VERSION [jackson-dataformat-xml]=$NEW_MAIN_VERSION [jackson-dataformat-smile]=$NEW_MAIN_VERSION [jackson-dataformat-yaml]=$NEW_MAIN_VERSION [jackson-module-paranamer]=$NEW_MAIN_VERSION [jackson-module-scala_2.11]=$NEW_MAIN_VERSION [jackson-datatype-jdk8]=$NEW_MAIN_VERSION [jackson-datatype-joda]=$NEW_MAIN_VERSION [jackson-jaxrs-base]=$NEW_MAIN_VERSION [jackson-module-jsonSchema]=$NEW_MAIN_VERSION [jackson-dataformat-cbor]=$NEW_MAIN_VERSION [jackson-annotations]=$NEW_MAIN_VERSION [jackson-jaxrs-json-provider]=$NEW_MAIN_VERSION [jackson-core]=$NEW_MAIN_VERSION [jackson-module-jaxb-annotations]=$NEW_MAIN_VERSION [jackson-module-mrbean]=$NEW_MAIN_VERSION [jackson-databind]=$NEW_MINUS_VERSION)


PACKAGE_NAMES=(
    jackson-dataformat-csv
    jackson-dataformat-cbor
    jackson-dataformat-yaml
    jackson-dataformat-xml
    jackson-dataformat-smile
    jackson-datatype-joda
    jackson-datatype-jdk8
    jackson-module-jsonSchema
    jackson-jaxrs-base
    jackson-jaxrs-json-provider
    jackson-annotations
    jackson-core
    jackson-module-jaxb-annotations
    jackson-module-mrbean
    jackson-module-paranamer
    jackson-module-scala_2.11
    jackson-databind
)

#1. download jackson jars from maven source
Download(){
    echo "Begin download packages from maven repo"
    for PACKAGE in "${PACKAGE_NAMES[@]}"; do
        SUBPATH=${PACKAGE_SUBPATH_DICT[$PACKAGE]}
        PACKAGE_VERSION=${PACKAGE_VERSION_DICT[$PACKAGE]}
        DOWNLOAD_URL="https://repo1.maven.org/maven2/com/fasterxml/$MAIN_PACKAGE/$SUBPATH/$PACKAGE/$PACKAGE_VERSION/$PACKAGE-$PACKAGE_VERSION.jar"
        #for 2.9.8
        #FILE_FULLPATH="$CDH_COMMON_JARS_PATH/$PACKAGE-$PACKAGE_VERSION.jar"
        #for 2.9.9
        FILE_FULLPATH="$CDH_JARS_PATH/$PACKAGE-$PACKAGE_VERSION.jar"
        if [ -f "$FILE_FULLPATH" ]; then
    	    echo "$FILE_FULLPATH exists, no need download"
        else 
            echo "begin donwload $PACKAGE from URL: $DOWNLOAD_URL"
            wget $DOWNLOAD_URL -O $FILE_FULLPATH
            chmod 755 $FILE_FULLPATH
        fi
    done
    echo "Finished download packages from maven repo"
}
#2. create links to new version jars
CreateLink2NewVersion(){
    #echo "Begin create the new links to CDH_COMMON_JARS_PATH"
    echo "Begin create the new links to CDH_JARS_PATH"
    for PACKAGE in "${PACKAGE_NAMES[@]}"; do
        #for 2.9.8
        #for TGT_PATH in "${TARGET_PATHS[@]}"; do
        for TGT_PATH in "${NEW_TARGET_PATHS[@]}"; do
            PACKAGE_VERSION=${PACKAGE_VERSION_DICT[$PACKAGE]}
            NEW_LINK_FILE="$TGT_PATH/$PACKAGE-$PACKAGE_VERSION.jar"
            NEW_SRC_FILE="$CDH_JARS_PATH/$PACKAGE-$PACKAGE_VERSION.jar"
            if [ -h "$NEW_LINK_FILE" ]; then
                echo "link file:$NEW_LINK_FILE has created!"
            else
                echo "create soft link from $NEW_LINK_FILE to $NEW_SRC_FILE"
	        if [ -f "$NEW_SRC_FILE" ];then
                    ln -s $NEW_SRC_FILE $NEW_LINK_FILE
                else
                    echo "src file:$NEW_SRC_FILE not exist! cannot create soft link"
                fi
                if [ -h "$NEW_LINK_FILE" ]; then
                    echo "create soft link successed!"
                else
                    echo "create soft link failed!"
                fi
            
            fi 
        done      
    done
    echo "Finished create the new links to CDH_COMMON_JARS_PATH"
}


#3. remove links to old version jars
Unlink2OldVersion(){
    echo "Begin remove the old version links"
    for PACKAGE in "${PACKAGE_NAMES[@]}"; do
        declare -a TARGET_DIRS
        TARGET_DIRS=("${NEW_TARGET_PATHS[@]}")
        if [ $OLD_VERSION == "2.9.8" ];then
            TARGET_DIRS=(${TARGET_PATHS[@]})
        fi
        for TGT_PATH in "${TARGET_DIRS[@]}"; do
            OLD_LINK_FILE="$TGT_PATH/$PACKAGE-$OLD_VERSION.jar"
            if [ -h "$OLD_LINK_FILE" ]; then
    	        unlink "$OLD_LINK_FILE"
            else
                echo "unlink failed!link file:$OLD_LINK_FILE not exists!"
            fi
        done 
    done
    echo "Finished remove the old version links"
}

Unlink2NewVersion(){
    echo "Begin remove the new version links"
    for PACKAGE in "${SHIRO_PACKAGE_NAMES[@]}"; do
        NEW_LINK_FILE="$IMPALA_JARS_PATH/$PACKAGE-$NEW_VERSION.jar"
        if [ -h "$NEW_LINK_FILE" ]; then
            unlink "$IMPALA_JARS_PATH/$PACKAGE-$NEW_VERSION.jar"
        else
            echo "unlink failed!link file:$NEW_LINK_FILE not exists!"
        fi
    done
    echo "Finished remove the new version links"
}

#4. delete the old version files
RemoveOLDVersionFILE(){
    echo "Begin clean up the old version files from $CDH_COMMON_JARS_PATH"
    for PACKAGE in "${PACKAGE_NAMES[@]}"; do
         #/opt/cloudera/cm/common_jars/jackson-core-2.9.8.e41844989cf7a437a2fa521f7b3c8328.jar
         if [ $OLD_VERSION == "2.9.8" ];then
             # for 2.9.8
             OLD_VERSION_FILE_PATTERN="$CDH_COMMON_JARS_PATH/$PACKAGE-$OLD_VERSION.*[!.]"
         else
             #for 2.9.9 /2.9.9.3
             OLD_VERSION_FILE_PATTERN="$CDH_JARS_PATH/$PACKAGE-$OLD_VERSION.*[!.]"
         fi
         FLINK_OLD_VERSION_FILE="$CDH_FLINK_ROOT_LIB_PATH/$FLINK_LIB_PATH/$PACKAGE-$OLD_VERSION.jar"
         #get the specific file name
         OLD_VERSION_FILE=`printf "%s" $OLD_VERSION_FILE_PATTERN`
         if [ -f "$OLD_VERSION_FILE" ];then
             rm -vf $OLD_VERSION_FILE
         else
             echo "remove file failed: $OLD_VERSION_FILE not exists!"
         fi
         if [ -f "$FLINK_OLD_VERSION_FILE" ];then
             rm -vf $FLINK_OLD_VERSION_FILE
         else
             echo "remove file failed: $FLINK_OLD_VERSION_FILE not exists!"
         fi
    done   

    echo "Finished lean up the old version files from $CDH_COMMON_JARS_PATH"
}

#Unlink2NewVersion
Download
CreateLink2NewVersion
Unlink2OldVersion
RemoveOLDVersionFILE
  1. 修复效果复测,使用find命令
find / -name "jackson-databind*"|grep -v 2.9.10.3

总结

参考资料

  1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384
  2. https://blog.csdn.net/XuanAlex/article/details/104749788
bertramlau
关注
  • 3
    点赞
  • 8
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
使用RequestBody注解传递POJO对象时返回HTTP状态码415 - 不支持的媒体类型
奔跑的蜗牛
01-01 1738
org.springframework.web.servlet.mvc.method.annotation.AbstractMessageConverterMethodArgumentResolver#readWithMessageConverters(org.springframework.http.HttpInputMessage, org.springframework.core.MethodParameter, java.lang.reflect.Type) HttpMessage...
CDH6.3.1配套CDH-6.3.1-1.cdh6.3.1.p0.1470567-el7.parcel.sha1
06-01
博主CDH6.3.1配套CDH-6.3.1-1.cdh6.3.1.p0.1470567-el7.parcel.sha1,仅仅限制安装博主文章中CDH-6.3.1-中使用
jackson-dataformat-cbor-2.9.6-API文档-中英对照版.zip
06-12
赠送jar包:jackson-dataformat-cbor-2.9.6.jar; 赠送原API文档:jackson-dataformat-cbor-2.9.6-javadoc.jar; 赠送源代码:jackson-dataformat-cbor-2.9.6-sources.jar; 赠送Maven依赖信息文件:jackson-dataformat-cbor-2.9.6.pom; 包含翻译后的API文档:jackson-dataformat-cbor-2.9.6-javadoc-API文档-中文(简体)-英语-对照版.zip; Maven坐标:com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.9.6; 标签:fasterxml、jackson、dataformat、cbor、中英对照文档、jar包、java; 使用方法:解压翻译后的API文档,用浏览器打开“index.html”文件,即可纵览文档内容。 人性化翻译,文档中的代码和结构保持不变,注释和说明精准翻译,请放心使用。 双语对照,边学技术、边学英语。
2024年网络安全最新再爆安全漏洞,这次轮到Jackson了,竟由阿里云上报
最新发布
2401_84297455的博客
05-03 1127
熟悉A哥的小伙伴知道,自从Fastjson上次爆出重大安全漏洞之后,我彻底的投入到了Jackson的阵营,工作中也慢慢去Fastjson化。
(环境搭建+复现)CVE-2019-12384 Jackson 远程代码执行漏洞
daxi0ng的博客
03-30 4232
1、【CVE编号】 CVE-2019-12384 2、【漏洞名称】 Jackson 远程命令执行漏洞 3、【靶标分类】 Web类型类靶标 4、【影响版本】 Jackson-databind 2.X < 2.9.9.1 5、【漏洞分类】 代码执行 6、【漏洞等级】 高 7、【漏洞简介】 由于Jackson黑名单过滤不完整而导致,当开发人员在应用程序中通过ObjectMapper对象调用enab...
初识Jackson——世界上最好的JSON库
chijiansong的博客
12-03 994
初识Jackson——世界上最好的JSON库 一个工程仅需一个JSON库 Java的JSON库,你至少应该用过/听过这三种:Jackson、Gson、Fastjson。一个独立的工程,按照依赖最少原则,本应该only one JSON库是足矣的。但现状是:各位同仁可观察观察各自的项目,大都同时存在2种JSON库,亦或者3种甚至更多... 说明:在同一个工程内,同一功能若有多种实现,实属不好的现象。这会让管理起来显得混乱(譬如对日期的格式化就不方便做到统一),出口若有多个,想收口时就是个大难题了.
jackson-dataformat-cbor-2.9.6-API文档-中文版.zip
06-26
赠送jar包:jackson-dataformat-cbor-2.9.6.jar; 赠送原API文档:jackson-dataformat-cbor-2.9.6-javadoc.jar; 赠送源代码:jackson-dataformat-cbor-2.9.6-sources.jar; 赠送Maven依赖信息文件:jackson-dataformat-cbor-2.9.6.pom; 包含翻译后的API文档:jackson-dataformat-cbor-2.9.6-javadoc-API文档-中文(简体)版.zip; Maven坐标:com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.9.6; 标签:fasterxml、jackson、dataformat、cbor、中文文档、jar包、java; 使用方法:解压翻译后的API文档,用浏览器打开“index.html”文件,即可纵览文档内容。 人性化翻译,文档中的代码和结构保持不变,注释和说明精准翻译,请放心使用。
CDH 6.3.1 ranger ranger-2.1.0-admin.tar.gz
11-04
《CDH 6.3.1与Ranger 2.1.0-Admin模块详解》 在大数据领域,Cloudera Data Hub (CDH) 是一个广泛应用的企业级Hadoop发行版,它提供了一整套开源大数据工具和服务。CDH 6.3.1 版本是其中的一个重要迭代,它包含了...
cdh6.3.1+cm6.3.1安装包-cdh安装包大全
09-05
而CM(Cloudera Manager)6.3.1则是用于管理和监控CDH集群的工具,提供了一个直观的Web界面,方便用户进行配置、监控和管理。 在安装CDH6.3.1 + CM6.3.1时,首先你需要确保你的操作系统是Redhat7或CentOS7及其以上...
CDH6.3.1-demans-server-agent.rpm合集云资源.txt
09-17
支持CentOS7的CDH6.3.1CDH6.3.2通用的cloudera-manager-server-6.3.1-1466458.el7.x86_64、cloudera-manager-agent-6.3.1-1466458.el7.x86_64、cloudera-manager-daemons-6.3.1-1466458.el7.x86_64
编译好的基于CDH6.3.1的flink1.12.0包-具体看博客.zip
05-27
基于CDH6.3.1编译好的flink1.12.0包,具体部署事宜加我微信cxk0106
jackson-dataformat-cbor-2.8.6-API文档-中英对照版.zip
04-22
赠送jar包:jackson-dataformat-cbor-2.8.6.jar; 赠送原API文档:jackson-dataformat-cbor-2.8.6-javadoc.jar; 赠送源代码:jackson-dataformat-cbor-2.8.6-sources.jar; 赠送Maven依赖信息文件:jackson-dataformat-cbor-2.8.6.pom; 包含翻译后的API文档:jackson-dataformat-cbor-2.8.6-javadoc-API文档-中文(简体)-英语-对照版.zip; Maven坐标:com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.8.6; 标签:dataformat、jackson、fasterxml、cbor、jar包、java、API文档、中英对照版; 使用方法:解压翻译后的API文档,用浏览器打开“index.html”文件,即可纵览文档内容。 人性化翻译,文档中的代码和结构保持不变,注释和说明精准翻译,请放心使用。 双语对照,边学技术、边学英语。
jackson-dataformat-cbor-2.10.0-API文档-中英对照版.zip
07-13
赠送jar包:jackson-dataformat-cbor-2.10.0.jar; 赠送原API文档:jackson-dataformat-cbor-2.10.0-javadoc.jar; 赠送源代码:jackson-dataformat-cbor-2.10.0-sources.jar; 赠送Maven依赖信息文件:jackson-dataformat-cbor-2.10.0.pom; 包含翻译后的API文档:jackson-dataformat-cbor-2.10.0-javadoc-API文档-中文(简体)-英语-对照版.zip; Maven坐标:com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.10.0; 标签:fasterxml、jackson、dataformat、cbor、中英对照文档、jar包、java; 使用方法:解压翻译后的API文档,用浏览器打开“index.html”文件,即可纵览文档内容。 人性化翻译,文档中的代码和结构保持不变,注释和说明精准翻译,请放心使用。 双语对照,边学技术、边学英语。
Jackson_RCE-CVE-2019-12384:CVE-2019-12384 漏洞测试环境
05-26
环境搭建 将项目导入到idea,再配置好maven之后设置自动导入依赖库,然后在本地的web空目录写入如下文件,保存为exec.sql。并启动一个http server: CREATE ALIAS SHELLEXEC AS $$ String shellexec(String cmd) throws java.io.IOException { String[] command = {"/bin/bash", "-c", cmd}; java.util.Scanner s = new java.util.Scanner(Runtime.getRuntime().exec(command).getInputStream()).useDelimiter("\0A"); return s.hasNext() ? s.next() : ""; } $$; CALL SHEL
jackson-dataformat-cbor-2.13.1-API文档-中文版.zip
03-30
赠送jar包:jackson-dataformat-cbor-2.13.1.jar 赠送原API文档:jackson-dataformat-cbor-2.13.1-javadoc.jar 赠送源代码:jackson-dataformat-cbor-2.13.1-sources.jar 包含翻译后的API文档:jackson-dataformat-cbor-2.13.1-javadoc-API文档-中文(简体)版.zip 对应Maven信息:groupId:com.fasterxml.jackson.dataformat,artifactId:jackson-dataformat-cbor,version:2.13.1 使用方法:解压翻译后的API文档,用浏览器打开“index.html”文件,即可纵览文档内容。 人性化翻译,文档中的代码和结构保持不变,注释和说明精准翻译,请放心使用。
jackson框架java反序列化漏洞_预警Jackson < 2.9.9.1 反序列化远程代码执行漏洞(CVE-2019-12384)...
weixin_42540248的博客
03-06 567
2019年7月23日,本站安全专题监测到有安全研究人员披露Jackson < 2.9.9.1 存在反序列化远程代码执行漏洞(CVE-2019-12384),利用可导致远程执行服务器命令,官方git已发布公告说明,请使用到Jackson的用户尽快升级至安全版本。漏洞描述Jackson是一套开源java高性能JSON处理器,其在反序列化处理JSON格式时存在缺陷,当用户提交一个精心构造的恶意JS...
SpringBoot学习--使用jackson返回json数据
热门推荐
阿甘的博客
08-17 1万+
目前java json解析工具有阿里的fastjson,google的GSON,以及SpringMVC 默认的解析工具Jackson。SpringBoot默认自带是jackson,很多json转换速率的比对,如jackson,阿里的fastjson等,jackson足够使用了. 使用jackson 1.pom.xml文件中引用依赖包. &lt;dependency&gt; &l...
logstash的jackson-databind漏洞修复
洁哥哥的博客
06-06 1410
代码jackson-databind漏洞修复
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值