Package impact

java Maven / com.fasterxml.jackson.core:jackson-databind

CVE Severity CVSS Risk Published Description Impact
CVE-2020-9546 critical 9.8 9.8 6y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update [debian, rockylinux, java]
CVE-2020-11113 high 8.8 8.8 6y ago FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). [debian, java]
CVE-2020-11112 high 8.8 8.8 6y ago FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commo… [debian, java]
CVE-2020-36183 high 8.1 8.1 6y ago Unsafe Deserialization in jackson-databind [debian, java]
CVE-2020-35728 high 8.1 8.1 6y ago FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka e… [suse, debian, java]
CVE-2020-14060 high 8.1 8.1 6y ago Deserialization of untrusted data in Jackson Databind [debian, java]
CVE-2020-14062 high 8.1 8.1 6y ago Deserialization of untrusted data in Jackson Databind [debian, java]
CVE-2020-11619 high 8.1 8.1 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing [debian, java]
CVE-2022-42003 high 8.0 4y ago In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, … [rockylinux, suse, debian, java]
CVE-2022-42004 high 8.0 4y ago Uncontrolled Resource Consumption in FasterXML jackson-databind [rockylinux, suse, debian, java]
CVE-2019-12384 high 8.0 7y ago Important: pki-deps:10.6 security update [debian, rockylinux, java]
CVE-2020-36518 medium 5.5 3y ago Moderate: jackson security update [redhat, suse, debian, java]
CVE-2020-9547 medium 5.5 6y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update [debian, rockylinux, java]
CVE-2020-10673 medium 5.5 6y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update [debian, rockylinux, java]
CVE-2020-9548 medium 5.5 6y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update [debian, rockylinux, java]
CVE-2020-10672 medium 5.5 6y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update [debian, rockylinux, java]
CVE-2020-8840 medium 5.5 6y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update [debian, rockylinux, java]
CVE-2019-20330 medium 5.5 6y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update [suse, debian, rockylinux, java]
CVE-2019-17531 medium 5.5 7y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update [debian, rockylinux, java]
CVE-2019-16943 medium 5.5 7y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update [suse, debian, rockylinux, java]
CVE-2019-16942 medium 5.5 7y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update [debian, rockylinux, java]
CVE-2019-16335 medium 5.5 7y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update [debian, rockylinux, java]
CVE-2019-14540 medium 5.5 7y ago Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update [suse, debian, rockylinux, java]
CVE-2021-46877 unknown 3y ago jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonN… [suse, debian, java]
CVE-2020-10650 unknown 4y ago jackson-databind vulnerable to unsafe deserialization [suse, debian, java]
CVE-2020-36189 unknown 5y ago Unsafe Deserialization in jackson-databind [debian, java]
CVE-2020-36187 unknown 5y ago Unsafe Deserialization in jackson-databind [debian, java]
CVE-2020-36188 unknown 5y ago FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. [debian, java]
CVE-2020-36184 unknown 5y ago FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. [debian, java]
CVE-2020-36180 unknown 5y ago FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. [debian, java]
CVE-2020-36181 unknown 5y ago FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. [debian, java]
CVE-2020-36185 unknown 5y ago FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. [debian, java]
CVE-2020-36179 unknown 5y ago FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. [debian, java]
CVE-2020-36182 unknown 5y ago FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. [debian, java]
CVE-2020-24750 unknown 5y ago Unsafe Deserialization in jackson-databind [suse, debian, java]
CVE-2020-35491 unknown 5y ago Serialization gadgets exploit in jackson-databind [debian, java]
CVE-2020-35490 unknown 5y ago Serialization gadgets exploit in jackson-databind [debian, java]
CVE-2020-24616 unknown 5y ago FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). [debian, java]
CVE-2020-36186 unknown 5y ago Unsafe Deserialization in jackson-databind [debian, java]
CVE-2020-25649 unknown 5y ago A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from t… [suse, debian, java]
CVE-2021-20190 unknown 5y ago A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidential… [suse, debian, java]
CVE-2018-5968 unknown 6y ago Deserialization of Untrusted Data in jackson-databind [suse, debian, java]
CVE-2020-14061 unknown 6y ago FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectio… [debian, java]
CVE-2020-14195 unknown 6y ago FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). [debian, java]
CVE-2018-12023 unknown 6y ago An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JD… [debian, java]
CVE-2019-17267 unknown 6y ago A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. [suse, debian, java]
CVE-2019-14893 unknown 6y ago Polymorphic deserialization of malicious object in jackson-databind [debian, java]
CVE-2019-14892 unknown 6y ago A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 … [debian, java]
CVE-2020-10968 unknown 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing [debian, java]
CVE-2020-11111 unknown 6y ago jackson-databind mishandles the interaction between serialization gadgets and typing [debian, java]
CVE-2020-10969 unknown 6y ago FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. [debian, java]
CVE-2020-11620 unknown 6y ago FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). [debian, java]
CVE-2019-14439 unknown 7y ago A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally e… [debian, java]
CVE-2019-14379 unknown 7y ago SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), lead… [suse, debian, java]
CVE-2019-12814 unknown 7y ago pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update [debian, rockylinux, java]
CVE-2018-11307 unknown 7y ago Deserialization of Untrusted Data in jackson-databind [debian, java]
CVE-2019-12086 unknown 7y ago pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update [debian, rockylinux, java]
CVE-2018-12022 unknown 7y ago An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db j… [debian, java]
CVE-2018-14719 unknown 8y ago FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deseriali… [debian, java]
CVE-2018-14720 unknown 8y ago XML External Entity Reference (XXE) in jackson-databind [debian, java]
CVE-2018-14721 unknown 8y ago FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic de… [debian, java]
CVE-2018-19362 unknown 8y ago FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. [debian, java]
CVE-2018-19361 unknown 8y ago FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. [debian, java]
CVE-2018-19360 unknown 8y ago FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. [debian, java]
CVE-2018-14718 unknown 8y ago FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. [debian, java]
CVE-2017-17485 unknown 8y ago jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass [debian, java]
CVE-2017-15095 unknown 8y ago A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously craft… [debian, java]
CVE-2018-7489 unknown 8y ago FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization… [debian, java]
CVE-2017-7525 unknown 8y ago A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the malicious… [debian, java]