Package impact

Maven / com.fasterxml.jackson.core:jackson-databind

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2020-9546	critical	9.8	9.8	6y ago	Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
CVE-2020-11113	high	8.8	8.8	6y ago	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVE-2020-11112	high	8.8	8.8	6y ago	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commo…
CVE-2020-36183	high	8.1	8.1	6y ago	Unsafe Deserialization in jackson-databind
CVE-2020-35728	high	8.1	8.1	6y ago	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka e…
CVE-2020-14060	high	8.1	8.1	6y ago	Deserialization of untrusted data in Jackson Databind
CVE-2020-14062	high	8.1	8.1	6y ago	Deserialization of untrusted data in Jackson Databind
CVE-2020-11619	high	8.1	8.1	6y ago	jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2022-42004	high	—	8.0	4y ago	Uncontrolled Resource Consumption in FasterXML jackson-databind
CVE-2022-42003	high	—	8.0	4y ago	In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, …
CVE-2019-12384	high	—	8.0	7y ago	Important: pki-deps:10.6 security update
CVE-2020-25649	unknown	—	—	5y ago	XML External Entity (XXE) Injection in Jackson Databind