packages/jackson-databind
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
jackson-databind/CVE-2019-16942-CVE-2019-16943-1.patch
wangxiao65 76636253c8 fix cves
2020-09-20 00:02:00 +08:00

28 lines
1.1 KiB
Diff
Raw Blame History

From 9593e16cf5a3d289a9c584f7123639655de9ddac Mon Sep 17 00:00:00 2001
From: Tatu Saloranta <tatu.saloranta@iki.fi>
Date: Sat, 28 Sep 2019 18:39:17 -0700
Subject: [PATCH] Fix #2478 (cve)
---
.../jackson/databind/jsontype/impl/SubTypeValidator.java | 4 ++++
1 files changed, 4 insertions(+)
diff --git a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
index 4fad2d012..4e7f162f4 100644
--- a/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
+++ b/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java
@@ -114,6 +114,10 @@ public class SubTypeValidator
// [databind#2469]: xalan2
s.add("org.apache.xalan.lib.sql.JNDIConnectionPool");
+ // [databind#2478]: comons-dbcp, p6spy
+ s.add("org.apache.commons.dbcp.datasources.SharedPoolDataSource");
+ s.add("com.p6spy.engine.spy.P6DataSource");
+
DEFAULT_NO_DESER_CLASS_NAMES = Collections.unmodifiableSet(s);
}
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink