CDH6.3.1集群修复Jackson-databind远程代码执行漏洞 CVE-2019-12384

最新推荐文章于 2024-05-03 22:30:16 发布
最新推荐文章于 2024-05-03 22:30:16 发布
阅读量1.9k 收藏 8
点赞数 3
分类专栏: Linux系统 文章标签: 安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/lhmood/article/details/107528143
版权

系统环境

CentOS 7.7.1908
CDH 6.3.1
Jackson-databind 2.9.8/2.9.9/2.9.9.3

漏洞描述

【CVE】
CVE-2019-12384
【漏洞描述】
由于Jackson黑名单过滤不完整而导致,当开发人员在应用程序中通过ObjectMapper对象调用enableDefaultTyping方法时,程序就会受到此漏洞的影响,攻击者就可利用构造的包含有恶意代码的json数据包对应用进行攻击,直接获取服务器控制权限。
【受影响版本】
Jackson-databind < 2.6.7.3 ,2.7.0 - 2.7.9.5 , 2.8.0 - 2.8.11.3 , 2.9.0 - 2.9.9.3
【升级建议】
1.该漏洞,漏洞修复后需要服务重启,建议业务不繁忙时修复。
下载更新:https://github.com/FasterXML/jackson-databind/releases
2.请参考Maven中的升级方法升级到 2.6.7.3、2.7.9.6、2.8.11.4、2.9.10及以上最新版本修复该漏洞。

修复过程

  1. 使用find命令查找系统Jackson-databind包
    find / -name “jackson-databind*”
  2. 编写修复脚本,由于jackson-databind关联的包比较多,为防止依赖风险,需要将其他jackson包都升级至2.9.10,jackson-databind升级至2.9.10.3, 具体脚本如下所示:
#!/bin/bash
########################################
#    upgrade jackson-databind version  #
#    write by BertramLAU               #
#    v1.0                              #
########################################

#define package versions
OLD_VERSION="2.9.8"
NEW_MAIN_VERSION="2.9.10"
NEW_MINUS_VERSION="2.9.10.3"
MAIN_PACKAGE="jackson"


CDH_COMMON_JARS_PATH="/opt/cloudera/cm/common_jars"
CLOUDERA_NAVIGATOR_SERVER_CDH5_JARS_PATH="/opt/cloudera/cm/cloudera-navigator-server/libs/cdh5"
CLOUDERA_NAVIGATOR_SERVER_CDH6_JARS_PATH="/opt/cloudera/cm/cloudera-navigator-server/libs/cdh6"
CLOUDERA_NAVIGATOR_SERVER_JARS_PATH="/opt/cloudera/cm/cloudera-navigator-server/jars"
CLOUDERA_SCM_TELEPUB_JARS_PATH="/opt/cloudera/cm/cloudera-scm-telepub/jars"
CLOUDERA_NAVIGATOR_AUDIT_SERVER_JARS_PATH="/opt/cloudera/cm/cloudera-navigator-audit-server"
CDH_LIB_PATH="/opt/cloudera/cm/lib"
CDH_JARS_PATH="/opt/cloudera/parcels/CDH-6.3.1-1.cdh6.3.1.p0.1470567/jars"

CDH_ROOT_LIB_PATH="/opt/cloudera/parcels/CDH-6.3.1-1.cdh6.3.1.p0.1470567/lib"
CDH_FLINK_ROOT_LIB_PATH="/opt/cloudera/parcels/FLINK-1.9.0-csa1.0.0.0-cdh6.3.0/lib"
FLINK_LIB_PATH="flink/lib"


HBASE_SOLR_PATH="hbase-solr/lib"
KITE_LIB_PATH="kite/lib"
SENTRY_LIB_PATH="sentry/lib"
OOZIE_LIBTOOLS_PATH="oozie/libtools"
OOZIE_EMBEDDED_OOZIE_SERVER_PATH="oozie/embedded-oozie-server/webapp/WEB-INF/lib"
OOZIE_SHARELIB_YARN_HIVE_PATH="oozie/oozie-sharelib-yarn/lib/hive"
OOZIE_SHARELIB_YARN_SPARK_PATH="oozie/oozie-sharelib-yarn/lib/spark"
OOZIE_SHARELIB_YARN_SQOOP_PATH="oozie/oozie-sharelib-yarn/lib/sqoop"
OOZIE_SHARELIB_YARN_PIG_PATH="oozie/oozie-sharelib-yarn/lib/pig"
OOZIE_SHARELIB_YARN_HIVE2_PATH="oozie/oozie-sharelib-yarn/lib/hive2"
OOZIE_SHARELIB_YARN_HCATALOG_PATH="oozie/oozie-sharelib-yarn/lib/hcatalog"
OOZIE_SHARELIB_YARN_GIT_PATH="oozie/oozie-sharelib-yarn/lib/git"

OOZIE_LIB_PATH="oozie/lib"
SEARCH_LIB_SEARCH_CRUNCH_PATH="search/lib/search-crunch"
SEARCH_LIB_PATH="search/lib"

HIVE_LIB_PATH="hive/lib"
SOLR_SERVER_LIB_EXT_PATH="solr/server/lib/ext"
SOLR_SERVER_WEBAPP_PATH="solr/server/solr-webapp/webapp/WEB-INF/lib"
FLUME_NG_LIB_PATH="flume-ng/lib"
KAFKA_LIBS_PATH="kafka/libs"
SPARK_JARS_PATH="spark/jars"
SQOOP_LIB_PATH="sqoop/lib"
PIG_LIB_PATH="pig/lib"
PIG_LIB_SPARK_PATH="pig/lib/spark"
IMPALA_LIB_PATH="impala/lib"
HBASE_LIB_PATH="hbase/lib"
HADOOP_YARN_LIB_PATH="hadoop-yarn/lib"
HADOOP_HDFS_LIB_PATH="hadoop-hdfs/lib"
HADOOP_CLIENT_PATH="hadoop/client"
HADOOP_LIB_PATH="hadoop/lib"
PARQUET_LIB_PATH="parquet/lib"

#define the old version paths 
#for 2.9.8
TARGET_PATHS=(
    $CLOUDERA_NAVIGATOR_SERVER_CDH5_JARS_PATH
    $CLOUDERA_NAVIGATOR_SERVER_CDH6_JARS_PATH
    $CLOUDERA_NAVIGATOR_SERVER_JARS_PATH
    $CLOUDERA_SCM_TELEPUB_JARS_PATH
    $CLOUDERA_NAVIGATOR_AUDIT_SERVER_JARS_PATH
    $CDH_LIB_PATH
)

#for 2.9.9
NEW_TARGET_PATHS=(
    "$CDH_ROOT_LIB_PATH/$HBASE_SOLR_PATH"
    "$CDH_ROOT_LIB_PATH/$KITE_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$SENTRY_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$HADOOP_YARN_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$HADOOP_HDFS_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$HADOOP_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$HADOOP_CLIENT_PATH"
    "$CDH_ROOT_LIB_PATH/$PARQUET_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_LIBTOOLS_PATH" 
    "$CDH_ROOT_LIB_PATH/$OOZIE_EMBEDDED_OOZIE_SERVER_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_HIVE_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_SPARK_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_SQOOP_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_PIG_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_HIVE2_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_HCATALOG_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_SHARELIB_YARN_GIT_PATH"
    "$CDH_ROOT_LIB_PATH/$OOZIE_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$SEARCH_LIB_SEARCH_CRUNCH_PATH"
    "$CDH_ROOT_LIB_PATH/$SEARCH_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$HIVE_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$IMPALA_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$SOLR_SERVER_LIB_EXT_PATH"
    "$CDH_ROOT_LIB_PATH/$SOLR_SERVER_WEBAPP_PATH"
    "$CDH_ROOT_LIB_PATH/$FLUME_NG_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$KAFKA_LIBS_PATH"
    "$CDH_ROOT_LIB_PATH/$SPARK_JARS_PATH"
    "$CDH_ROOT_LIB_PATH/$PIG_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$PIG_LIB_SPARK_PATH"
    "$CDH_ROOT_LIB_PATH/$SQOOP_LIB_PATH"
    "$CDH_ROOT_LIB_PATH/$HBASE_LIB_PATH"
    "$CDH_FLINK_ROOT_LIB_PATH/$FLINK_LIB_PATH"
)

declare -A PACKAGE_SUBPATH_DICT
declare -A PACKAGE_VERSION_DICT
PACKAGE_SUBPATH_DICT=([jackson-dataformat-csv]="dataformat" [jackson-dataformat-xml]="dataformat" [jackson-dataformat-yaml]="dataformat" [jackson-module-jsonSchema]="module" [jackson-dataformat-cbor]="dataformat" [jackson-dataformat-smile]="dataformat" [jackson-datatype-joda]="datatype" [jackson-datatype-jdk8]="datatype" [jackson-jaxrs-base]="jaxrs" [jackson-annotations]="core" [jackson-jaxrs-json-provider]="jaxrs" [jackson-core]="core" [jackson-module-jaxb-annotations]="module" [jackson-module-mrbean]="module" [jackson-module-paranamer]="module" [jackson-module-scala_2.11]="module" [jackson-databind]="core")

PACKAGE_VERSION_DICT=([jackson-dataformat-csv]=$NEW_MAIN_VERSION [jackson-dataformat-xml]=$NEW_MAIN_VERSION [jackson-dataformat-smile]=$NEW_MAIN_VERSION [jackson-dataformat-yaml]=$NEW_MAIN_VERSION [jackson-module-paranamer]=$NEW_MAIN_VERSION [jackson-module-scala_2.11]=$NEW_MAIN_VERSION [jackson-datatype-jdk8]=$NEW_MAIN_VERSION [jackson-datatype-joda]=$NEW_MAIN_VERSION [jackson-jaxrs-base]=$NEW_MAIN_VERSION [jackson-module-jsonSchema]=$NEW_MAIN_VERSION [jackson-dataformat-cbor]=$NEW_MAIN_VERSION [jackson-annotations]=$NEW_MAIN_VERSION [jackson-jaxrs-json-provider]=$NEW_MAIN_VERSION [jackson-core]=$NEW_MAIN_VERSION [jackson-module-jaxb-annotations]=$NEW_MAIN_VERSION [jackson-module-mrbean]=$NEW_MAIN_VERSION [jackson-databind]=$NEW_MINUS_VERSION)


PACKAGE_NAMES=(
    jackson-dataformat-csv
    jackson-dataformat-cbor
    jackson-dataformat-yaml
    jackson-dataformat-xml
    jackson-dataformat-smile
    jackson-datatype-joda
    jackson-datatype-jdk8
    jackson-module-jsonSchema
    jackson-jaxrs-base
    jackson-jaxrs-json-provider
    jackson-annotations
    jackson-core
    jackson-module-jaxb-annotations
    jackson-module-mrbean
    jackson-module-paranamer
    jackson-module-scala_2.11
    jackson-databind
)

#1. download jackson jars from maven source
Download(){
    echo "Begin download packages from maven repo"
    for PACKAGE in "${PACKAGE_NAMES[@]}"; do
        SUBPATH=${PACKAGE_SUBPATH_DICT[$PACKAGE]}
        PACKAGE_VERSION=${PACKAGE_VERSION_DICT[$PACKAGE]}
        DOWNLOAD_URL="https://repo1.maven.org/maven2/com/fasterxml/$MAIN_PACKAGE/$SUBPATH/$PACKAGE/$PACKAGE_VERSION/$PACKAGE-$PACKAGE_VERSION.jar"
        #for 2.9.8
        #FILE_FULLPATH="$CDH_COMMON_JARS_PATH/$PACKAGE-$PACKAGE_VERSION.jar"
        #for 2.9.9
        FILE_FULLPATH="$CDH_JARS_PATH/$PACKAGE-$PACKAGE_VERSION.jar"
        if [ -f "$FILE_FULLPATH" ]; then
    	    echo "$FILE_FULLPATH exists, no need download"
        else 
            echo "begin donwload $PACKAGE from URL: $DOWNLOAD_URL"
            wget $DOWNLOAD_URL -O $FILE_FULLPATH
            chmod 755 $FILE_FULLPATH
        fi
    done
    echo "Finished download packages from maven repo"
}
#2. create links to new version jars
CreateLink2NewVersion(){
    #echo "Begin create the new links to CDH_COMMON_JARS_PATH"
    echo "Begin create the new links to CDH_JARS_PATH"
    for PACKAGE in "${PACKAGE_NAMES[@]}"; do
        #for 2.9.8
        #for TGT_PATH in "${TARGET_PATHS[@]}"; do
        for TGT_PATH in "${NEW_TARGET_PATHS[@]}"; do
            PACKAGE_VERSION=${PACKAGE_VERSION_DICT[$PACKAGE]}
            NEW_LINK_FILE="$TGT_PATH/$PACKAGE-$PACKAGE_VERSION.jar"
            NEW_SRC_FILE="$CDH_JARS_PATH/$PACKAGE-$PACKAGE_VERSION.jar"
            if [ -h "$NEW_LINK_FILE" ]; then
                echo "link file:$NEW_LINK_FILE has created!"
            else
                echo "create soft link from $NEW_LINK_FILE to $NEW_SRC_FILE"
	        if [ -f "$NEW_SRC_FILE" ];then
                    ln -s $NEW_SRC_FILE $NEW_LINK_FILE
                else
                    echo "src file:$NEW_SRC_FILE not exist! cannot create soft link"
                fi
                if [ -h "$NEW_LINK_FILE" ]; then
                    echo "create soft link successed!"
                else
                    echo "create soft link failed!"
                fi
            
            fi 
        done      
    done
    echo "Finished create the new links to CDH_COMMON_JARS_PATH"
}


#3. remove links to old version jars
Unlink2OldVersion(){
    echo "Begin remove the old version links"
    for PACKAGE in "${PACKAGE_NAMES[@]}"; do
        declare -a TARGET_DIRS
        TARGET_DIRS=("${NEW_TARGET_PATHS[@]}")
        if [ $OLD_VERSION == "2.9.8" ];then
            TARGET_DIRS=(${TARGET_PATHS[@]})
        fi
        for TGT_PATH in "${TARGET_DIRS[@]}"; do
            OLD_LINK_FILE="$TGT_PATH/$PACKAGE-$OLD_VERSION.jar"
            if [ -h "$OLD_LINK_FILE" ]; then
    	        unlink "$OLD_LINK_FILE"
            else
                echo "unlink failed!link file:$OLD_LINK_FILE not exists!"
            fi
        done 
    done
    echo "Finished remove the old version links"
}

Unlink2NewVersion(){
    echo "Begin remove the new version links"
    for PACKAGE in "${SHIRO_PACKAGE_NAMES[@]}"; do
        NEW_LINK_FILE="$IMPALA_JARS_PATH/$PACKAGE-$NEW_VERSION.jar"
        if [ -h "$NEW_LINK_FILE" ]; then
            unlink "$IMPALA_JARS_PATH/$PACKAGE-$NEW_VERSION.jar"
        else
            echo "unlink failed!link file:$NEW_LINK_FILE not exists!"
        fi
    done
    echo "Finished remove the new version links"
}

#4. delete the old version files
RemoveOLDVersionFILE(){
    echo "Begin clean up the old version files from $CDH_COMMON_JARS_PATH"
    for PACKAGE in "${PACKAGE_NAMES[@]}"; do
         #/opt/cloudera/cm/common_jars/jackson-core-2.9.8.e41844989cf7a437a2fa521f7b3c8328.jar
         if [ $OLD_VERSION == "2.9.8" ];then
             # for 2.9.8
             OLD_VERSION_FILE_PATTERN="$CDH_COMMON_JARS_PATH/$PACKAGE-$OLD_VERSION.*[!.]"
         else
             #for 2.9.9 /2.9.9.3
             OLD_VERSION_FILE_PATTERN="$CDH_JARS_PATH/$PACKAGE-$OLD_VERSION.*[!.]"
         fi
         FLINK_OLD_VERSION_FILE="$CDH_FLINK_ROOT_LIB_PATH/$FLINK_LIB_PATH/$PACKAGE-$OLD_VERSION.jar"
         #get the specific file name
         OLD_VERSION_FILE=`printf "%s" $OLD_VERSION_FILE_PATTERN`
         if [ -f "$OLD_VERSION_FILE" ];then
             rm -vf $OLD_VERSION_FILE
         else
             echo "remove file failed: $OLD_VERSION_FILE not exists!"
         fi
         if [ -f "$FLINK_OLD_VERSION_FILE" ];then
             rm -vf $FLINK_OLD_VERSION_FILE
         else
             echo "remove file failed: $FLINK_OLD_VERSION_FILE not exists!"
         fi
    done   

    echo "Finished lean up the old version files from $CDH_COMMON_JARS_PATH"
}

#Unlink2NewVersion
Download
CreateLink2NewVersion
Unlink2OldVersion
RemoveOLDVersionFILE
  1. 修复效果复测,使用find命令
find / -name "jackson-databind*"|grep -v 2.9.10.3

总结

参考资料

  1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384
  2. https://blog.csdn.net/XuanAlex/article/details/104749788
bertramlau
关注
  • 3
    点赞
  • 8
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Jackson 远程命令执行漏洞CVE-2019-12384
锋刃科技的博客
06-26 8164
前言 由于Jackson黑名单过滤不完整而导致,当开发人员在应用程序中通过ObjectMapper对象调用enableDefaultTyping方法时,程序就会受到此漏洞的影响,攻击者就可利用构造的包含有恶意代码的json数据包对应用进行攻击,直接获取服务器控制权限。 影响版本 Jackson-databind 2.0.0 ~2.9.9.1 环境搭建 创建一个docker-compose.yml的文件 version: '2' services: web: image: te
jackson-dataformat-cbor-2.9.6-API文档-中英对照版.zip
06-12
赠送jar包:jackson-dataformat-cbor-2.9.6.jar; 赠送原API文档:jackson-dataformat-cbor-2.9.6-javadoc.jar; 赠送源代码:jackson-dataformat-cbor-2.9.6-sources.jar; 赠送Maven依赖信息文件:jackson-dataformat-cbor-2.9.6.pom; 包含翻译后的API文档:jackson-dataformat-cbor-2.9.6-javadoc-API文档-中文(简体)-英语-对照版.zip; Maven坐标:com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.9.6; 标签:fasterxml、jackson、dataformat、cbor、中英对照文档、jar包、java; 使用方法:解压翻译后的API文档,用浏览器打开“index.html”文件,即可纵览文档内容。 人性化翻译,文档中的代码和结构保持不变,注释和说明精准翻译,请放心使用。 双语对照,边学技术、边学英语。
jackson-dataformat-cbor-2.9.6-API文档-中文版.zip
06-26
赠送jar包:jackson-dataformat-cbor-2.9.6.jar; 赠送原API文档:jackson-dataformat-cbor-2.9.6-javadoc.jar; 赠送源代码:jackson-dataformat-cbor-2.9.6-sources.jar; 赠送Maven依赖信息文件:jackson-dataformat-cbor-2.9.6.pom; 包含翻译后的API文档:jackson-dataformat-cbor-2.9.6-javadoc-API文档-中文(简体)版.zip; Maven坐标:com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.9.6; 标签:fasterxml、jackson、dataformat、cbor、中文文档、jar包、java; 使用方法:解压翻译后的API文档,用浏览器打开“index.html”文件,即可纵览文档内容。 人性化翻译,文档中的代码和结构保持不变,注释和说明精准翻译,请放心使用。
2024年网络安全最新再爆安全漏洞,这次轮到Jackson了,竟由阿里云上报
最新发布
2401_84297455的博客
05-03 1117
熟悉A哥的小伙伴知道,自从Fastjson上次爆出重大安全漏洞之后,我彻底的投入到了Jackson的阵营,工作中也慢慢去Fastjson化。
logstash的jackson-databind漏洞修复
洁哥哥的博客
06-06 1401
代码jackson-databind漏洞修复
jackson-dataformat-cbor-2.10.0-API文档-中英对照版.zip
07-13
赠送jar包:jackson-dataformat-cbor-2.10.0.jar; 赠送原API文档:jackson-dataformat-cbor-2.10.0-javadoc.jar; 赠送源代码:jackson-dataformat-cbor-2.10.0-sources.jar; 赠送Maven依赖信息文件:jackson-dataformat-cbor-2.10.0.pom; 包含翻译后的API文档:jackson-dataformat-cbor-2.10.0-javadoc-API文档-中文(简体)-英语-对照版.zip; Maven坐标:com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.10.0; 标签:fasterxml、jackson、dataformat、cbor、中英对照文档、jar包、java; 使用方法:解压翻译后的API文档,用浏览器打开“index.html”文件,即可纵览文档内容。 人性化翻译,文档中的代码和结构保持不变,注释和说明精准翻译,请放心使用。 双语对照,边学技术、边学英语。
CDH 6.3.1 ranger ranger-2.1.0-admin.tar.gz
11-04
《CDH 6.3.1与Ranger 2.1.0-Admin模块详解》 在大数据领域,Cloudera Data Hub (CDH) 是一个广泛应用的企业级Hadoop发行版,它提供了一整套开源大数据工具和服务。CDH 6.3.1 版本是其中的一个重要迭代,它包含了...
cdh6.3.1+cm6.3.1安装包-cdh安装包大全
09-05
而CM(Cloudera Manager)6.3.1则是用于管理和监控CDH集群的工具,提供了一个直观的Web界面,方便用户进行配置、监控和管理。 在安装CDH6.3.1 + CM6.3.1时,首先你需要确保你的操作系统是Redhat7或CentOS7及其以上...
CDH6.3.1配套CDH-6.3.1-1.cdh6.3.1.p0.1470567-el7.parcel.sha1
06-01
博主CDH6.3.1配套CDH-6.3.1-1.cdh6.3.1.p0.1470567-el7.parcel.sha1,仅仅限制安装博主文章中CDH-6.3.1-中使用
CDH6.3.1-demans-server-agent.rpm合集云资源.txt
09-17
支持CentOS7的CDH6.3.1CDH6.3.2通用的cloudera-manager-server-6.3.1-1466458.el7.x86_64、cloudera-manager-agent-6.3.1-1466458.el7.x86_64、cloudera-manager-daemons-6.3.1-1466458.el7.x86_64
编译好的基于CDH6.3.1的flink1.12.0包-具体看博客.zip
05-27
基于CDH6.3.1编译好的flink1.12.0包,具体部署事宜加我微信cxk0106
DataFormat
06-09
DataFormat
jackson-dataformat-smile-2.8.11-sources.jar
02-25
java运行依赖jar包
jackson-databind升级2.7版本到2.10.0
热门推荐
m0_37558251的博客
05-20 1万+
1.直接修改jackson-databind的版本号为2.10.0 启动报错,找不到类。 2.升级版本号同时加上jackson-core依赖 <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>2.10.0</version> &lt
一次特殊的jar包冲突
weixin_34211761的博客
08-24 336
例子1 api-1.0private void setUserId(int userId);复制代码 api-1.1private void setUserId(long userId);复制代码service-1.0 依赖 api-1.0void myService(){ api.setUserId(int a); } 复制代码war依赖service-1.0和api-1.1service...
jackson-databind 版本升级遇到的问题
1392252267@qq.com
09-15 7417
本想着此次升级会很简单,但是在操作后发现有点想的简单了。 1、spring-boot-starter-parent 导致的 jackson-databind-2.8.11.2 -> 2.9.10.6 Caused by: java.lang.NoClassDefFoundError: Could not initialize class com.fasterxml.jackson.databind.ObjectMapper 参考自 SpringBoot 因为jackson版本问题启动失败 2、e.
Jackson - 使用
sinat_34003720的博客
03-01 1759
???? Jakcson介绍 Jackson用于Json的序列化(serialization)和反序列化(deserialization)。 Jackson包含三个包jackson-core、jackson-annotation、jackson-databind,作用如下 jackson-core - 基于流解析Json,就是从流中读取,生成事件,类似xml的sax。核心类是JsonGenerator和JsonParser。 jackson-annotation - 提供了注解 jackson-datab
jackson 反序列化string_漏洞预警|Jackson远程代码执行高危漏洞分析(CVE201912384)...
weixin_35128151的博客
11-29 631
漏洞描述近日,HSCERT监测到,国外安全研究员在分析一个使用Jackson库对JSON进行反序列化的应用程序时,发现了一个反序列化漏洞,可以控制要反序列化的类。我们分析复现如何利用此反序列化漏洞来触发服务器端请求伪造(SSRF)漏洞远程代码执行漏洞(RCE)。漏洞对应的编号为CVE-2019-12384,RedHat的多个分支受该漏洞影响,如下所示:触发条件触发这个Jackson漏洞...
CDH 6.3.1版本安装指南及下载资源概览
- CDH-6.3.1-1.cdh6.3.1.p0.1470567-el7.parcel:CDH的主安装包,用于部署CDH集群。 - CDH-6.3.1-1.cdh6.3.1.p0.1470567-el7.parcel.sha1:CDH主安装包的校验和文件。 - cm6.3.1-redhat7.tar.gz:Cloudera管理工具的...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值