Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/13804?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/13804?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "type": "maven", "namespace": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.6.7.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.12.7.1", "latest_non_vulnerable_version": "2.16.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30432?format=api", "vulnerability_id": "VCID-176g-xhm6-37cm", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0782", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0877", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1106", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1107", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1108", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1140", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1822", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1823", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2804", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2804" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3140", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4037", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4037" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12022.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03035", "scoring_system": "epss", "scoring_elements": "0.87012", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.03035", "scoring_system": "epss", "scoring_elements": "0.8696", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03035", "scoring_system": "epss", "scoring_elements": "0.87006", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.03035", "scoring_system": "epss", "scoring_elements": "0.87016", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12022" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671098", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/bf261d404c2f79fd3406237710d40ebb03c99d84", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/bf261d404c2f79fd3406237710d40ebb03c99d84" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2052", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2052" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC" }, { "reference_url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/68", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/May/68" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190530-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190530-0003" }, { "reference_url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4452", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4452" }, { "reference_url": "http://www.securityfocus.com/bid/107585", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/107585" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671097", "reference_id": "1671097", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671097" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12022", "reference_id": "CVE-2018-12022", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12022" }, { "reference_url": "https://github.com/advisories/GHSA-cjjf-94ff-43w7", "reference_id": "GHSA-cjjf-94ff-43w7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cjjf-94ff-43w7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1782", "reference_id": "RHSA-2019:1782", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1797", "reference_id": "RHSA-2019:1797", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2858", "reference_id": "RHSA-2019:2858", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3149", "reference_id": "RHSA-2019:3149", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "RHSA-2019:3892", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://usn.ubuntu.com/USN-4813-1/", "reference_id": "USN-USN-4813-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4813-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14700?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/14702?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/15097?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6" } ], "aliases": [ "CVE-2018-12022", "GHSA-cjjf-94ff-43w7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-176g-xhm6-37cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7480?format=api", "vulnerability_id": "VCID-1rbn-tr82-nfhs", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10650", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08792", "scoring_system": "epss", "scoring_elements": "0.92706", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.08792", "scoring_system": "epss", "scoring_elements": "0.92733", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.08792", "scoring_system": "epss", "scoring_elements": "0.92734", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.08792", "scoring_system": "epss", "scoring_elements": "0.92731", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10650" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10650", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10650" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/pull/2864", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/pull/2864" }, { "reference_url": "https://github.com/luisgarciacheckmarx/LGV_onefile/issues/19", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/luisgarciacheckmarx/LGV_onefile/issues/19" }, { "reference_url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230818-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230818-0007" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2658", "reference_id": "2658", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2658" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef", "reference_id": "a424c038ba0c0d65e579e22001dec925902ac0ef", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "cpujan2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2022.html", "reference_id": "cpuoct2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2022.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10650", "reference_id": "CVE-2020-10650", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10650" }, { "reference_url": "https://github.com/advisories/GHSA-rpr3-cw39-3pxh", "reference_id": "GHSA-rpr3-cw39-3pxh", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/" } ], "url": "https://github.com/advisories/GHSA-rpr3-cw39-3pxh" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html", "reference_id": "msg00032.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230818-0007/", "reference_id": "ntap-20230818-0007", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230818-0007/" }, { "reference_url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/" } ], "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16392?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4" } ], "aliases": [ "CVE-2020-10650", "GHSA-rpr3-cw39-3pxh", "GMS-2022-2955" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rbn-tr82-nfhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8623?format=api", "vulnerability_id": "VCID-1zgj-pwjz-tkf9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36518", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65315", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65317", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65306", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65206", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b" }, { "reference_url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12" }, { "reference_url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220506-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220506-0004" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109", "reference_id": "1007109", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698", "reference_id": "2064698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2816", "reference_id": "2816", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2816" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "cpuapr2022.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "cpujul2022.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "reference_id": "CVE-2020-36518", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5283", "reference_id": "dsa-5283", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5283" }, { "reference_url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "reference_id": "GHSA-57j2-w4cx-62h2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html", "reference_id": "msg00035.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220506-0004/", "reference_id": "ntap-20220506-0004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220506-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2232", "reference_id": "RHSA-2022:2232", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2232" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4918", "reference_id": "RHSA-2022:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4919", "reference_id": "RHSA-2022:4919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4922", "reference_id": "RHSA-2022:4922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5029", "reference_id": "RHSA-2022:5029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5029" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5101", "reference_id": "RHSA-2022:5101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5596", "reference_id": "RHSA-2022:5596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6407", "reference_id": "RHSA-2022:6407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6782", "reference_id": "RHSA-2022:6782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6783", "reference_id": "RHSA-2022:6783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6787", "reference_id": "RHSA-2022:6787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6813", "reference_id": "RHSA-2022:6813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6819", "reference_id": "RHSA-2022:6819", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6819" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7409", "reference_id": "RHSA-2022:7409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7410", "reference_id": "RHSA-2022:7410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7411", "reference_id": "RHSA-2022:7411", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7417", "reference_id": "RHSA-2022:7417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7435", "reference_id": "RHSA-2022:7435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8781", "reference_id": "RHSA-2022:8781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8889", "reference_id": "RHSA-2022:8889", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0264", "reference_id": "RHSA-2023:0264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2312", "reference_id": "RHSA-2023:2312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3223", "reference_id": "RHSA-2023:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3061", "reference_id": "RHSA-2024:3061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9582", "reference_id": "RHSA-2025:9582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9583", "reference_id": "RHSA-2025:9583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19677?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/19680?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1" } ], "aliases": [ "CVE-2020-36518", "GHSA-57j2-w4cx-62h2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1zgj-pwjz-tkf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/202705?format=api", "vulnerability_id": "VCID-3e79-1pn2-hqbr", "summary": "Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000873.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000873.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000873", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02189", "scoring_system": "epss", "scoring_elements": "0.848", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02189", "scoring_system": "epss", "scoring_elements": "0.84807", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02189", "scoring_system": "epss", "scoring_elements": "0.84746", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02189", "scoring_system": "epss", "scoring_elements": "0.84798", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000873" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665601", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665601" }, { "reference_url": "https://github.com/FasterXML/jackson-modules-java8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-modules-java8" }, { "reference_url": "https://github.com/FasterXML/jackson-modules-java8/issues/90", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-modules-java8/issues/90" }, { "reference_url": "https://github.com/FasterXML/jackson-modules-java8/pull/87", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-modules-java8/pull/87" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200904-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200904-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200904-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200904-0004/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000873", "reference_id": "CVE-2018-1000873", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000873" }, { "reference_url": "https://github.com/advisories/GHSA-h4x4-5qp2-wp46", "reference_id": "GHSA-h4x4-5qp2-wp46", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h4x4-5qp2-wp46" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5568", "reference_id": "RHSA-2020:5568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5568" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14705?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8" } ], "aliases": [ "CVE-2018-1000873", "GHSA-h4x4-5qp2-wp46" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3e79-1pn2-hqbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6550?format=api", "vulnerability_id": "VCID-5qe3-9uq1-w3fa", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0159", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0160", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0161", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0445", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0445" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16943.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16943.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.8337", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83431", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.8344", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01841", "scoring_system": "epss", "scoring_elements": "0.83436", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2478", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2478" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { "reference_url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Oct/6" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191017-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191017-0006" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191017-0006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20191017-0006/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4542", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4542" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191", "reference_id": "1758191", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758191" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530", "reference_id": "941530", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943", "reference_id": "CVE-2019-16943", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16943" }, { "reference_url": "https://github.com/advisories/GHSA-fmmc-742q-jg75", "reference_id": "GHSA-fmmc-742q-jg75", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fmmc-742q-jg75" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0895", "reference_id": "RHSA-2020:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0899", "reference_id": "RHSA-2020:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0939", "reference_id": "RHSA-2020:0939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1644", "reference_id": "RHSA-2020:1644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2321", "reference_id": "RHSA-2020:2321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2333", "reference_id": "RHSA-2020:2333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://usn.ubuntu.com/USN-4813-1/", "reference_id": "USN-USN-4813-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4813-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15621?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/15689?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1" } ], "aliases": [ "CVE-2019-16943", "GHSA-fmmc-742q-jg75" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qe3-9uq1-w3fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6349?format=api", "vulnerability_id": "VCID-6mm1-mbhs-23bw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0159", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0160", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0161", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0445", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0445" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14540.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14540.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14540", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06292", "scoring_system": "epss", "scoring_elements": "0.91179", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.06292", "scoring_system": "epss", "scoring_elements": "0.91178", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.06292", "scoring_system": "epss", "scoring_elements": "0.91141", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.06292", "scoring_system": "epss", "scoring_elements": "0.91173", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14540" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/d4983c740fec7d5576b207a8c30a63d3ea7443de", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/d4983c740fec7d5576b207a8c30a63d3ea7443de" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2410", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2410" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2449", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2449" }, { "reference_url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Oct/6" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191004-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191004-0002" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4542", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4542" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849", "reference_id": "1755849", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755849" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498", "reference_id": "940498", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540", "reference_id": "CVE-2019-14540", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14540" }, { "reference_url": "https://github.com/advisories/GHSA-h822-r4r5-v8jg", "reference_id": "GHSA-h822-r4r5-v8jg", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h822-r4r5-v8jg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3200", "reference_id": "RHSA-2019:3200", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0895", "reference_id": "RHSA-2020:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0899", "reference_id": "RHSA-2020:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1644", "reference_id": "RHSA-2020:1644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2321", "reference_id": "RHSA-2020:2321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2333", "reference_id": "RHSA-2020:2333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://usn.ubuntu.com/USN-4813-1/", "reference_id": "USN-USN-4813-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4813-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15621?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/15620?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10" } ], "aliases": [ "CVE-2019-14540", "GHSA-h822-r4r5-v8jg" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6mm1-mbhs-23bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12457?format=api", "vulnerability_id": "VCID-9gek-hwbv-87hc", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.46023", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.46037", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.4603", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45885", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42004" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3582", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/3582" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221118-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221118-0008" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247", "reference_id": "2135247", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "reference_id": "CVE-2022-42004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" }, { "reference_url": "https://github.com/advisories/GHSA-rgv9-q543-rqg4", "reference_id": "GHSA-rgv9-q543-rqg4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rgv9-q543-rqg4" }, { "reference_url": "https://security.gentoo.org/glsa/202210-21", "reference_id": "GLSA-202210-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202210-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7435", "reference_id": "RHSA-2022:7435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8781", "reference_id": "RHSA-2022:8781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8876", "reference_id": "RHSA-2022:8876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8889", "reference_id": "RHSA-2022:8889", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9023", "reference_id": "RHSA-2022:9023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9032", "reference_id": "RHSA-2022:9032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9032" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0189", "reference_id": "RHSA-2023:0189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0264", "reference_id": "RHSA-2023:0264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0469", "reference_id": "RHSA-2023:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0471", "reference_id": "RHSA-2023:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0713", "reference_id": "RHSA-2023:0713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1006", "reference_id": "RHSA-2023:1006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1043", "reference_id": "RHSA-2023:1043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1044", "reference_id": "RHSA-2023:1044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1045", "reference_id": "RHSA-2023:1045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1047", "reference_id": "RHSA-2023:1047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1049", "reference_id": "RHSA-2023:1049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1064", "reference_id": "RHSA-2023:1064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2100", "reference_id": "RHSA-2023:2100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2135", "reference_id": "RHSA-2023:2135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3223", "reference_id": "RHSA-2023:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3641", "reference_id": "RHSA-2023:3641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3641" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3663", "reference_id": "RHSA-2023:3663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1746", "reference_id": "RHSA-2025:1746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1747", "reference_id": "RHSA-2025:1747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1747" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27212?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/27210?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4" } ], "aliases": [ "CVE-2022-42004", "GHSA-rgv9-q543-rqg4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gek-hwbv-87hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206833?format=api", "vulnerability_id": "VCID-9wva-fncp-5khs", "summary": "Code Injection in jackson-databind", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24616.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24616.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02676", "scoring_system": "epss", "scoring_elements": "0.86217", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02676", "scoring_system": "epss", "scoring_elements": "0.86219", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02676", "scoring_system": "epss", "scoring_elements": "0.86208", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02676", "scoring_system": "epss", "scoring_elements": "0.86158", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2814", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2814" }, { "reference_url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200904-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200904-0006" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200904-0006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200904-0006/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1872707", "reference_id": "1872707", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1872707" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24616", "reference_id": "CVE-2020-24616", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24616" }, { "reference_url": "https://github.com/advisories/GHSA-h3cw-g4mq-c5x2", "reference_id": "GHSA-h3cw-g4mq-c5x2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h3cw-g4mq-c5x2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18246?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6" } ], "aliases": [ "CVE-2020-24616", "GHSA-h3cw-g4mq-c5x2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wva-fncp-5khs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/177596?format=api", "vulnerability_id": "VCID-9x2p-xss7-yyae", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0159", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0160", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0161", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0445", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0729", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0729" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16335.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16335.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71448", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71447", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71436", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71348", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2449", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2449" }, { "reference_url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Oct/6" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191004-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191004-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191004-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20191004-0002/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4542", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4542" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831", "reference_id": "1755831", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1755831" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498", "reference_id": "940498", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335", "reference_id": "CVE-2019-16335", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16335" }, { "reference_url": "https://github.com/advisories/GHSA-85cw-hj65-qqv9", "reference_id": "GHSA-85cw-hj65-qqv9", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-85cw-hj65-qqv9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3200", "reference_id": "RHSA-2019:3200", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0895", "reference_id": "RHSA-2020:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0899", "reference_id": "RHSA-2020:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1644", "reference_id": "RHSA-2020:1644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2333", "reference_id": "RHSA-2020:2333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://usn.ubuntu.com/USN-4813-1/", "reference_id": "USN-USN-4813-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4813-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15621?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/15620?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10" } ], "aliases": [ "CVE-2019-16335", "GHSA-85cw-hj65-qqv9" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9x2p-xss7-yyae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206835?format=api", "vulnerability_id": "VCID-a4ns-753v-f3a4", "summary": "Serialization gadgets exploit in jackson-databind", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05713", "scoring_system": "epss", "scoring_elements": "0.90627", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05713", "scoring_system": "epss", "scoring_elements": "0.90663", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.05713", "scoring_system": "epss", "scoring_elements": "0.90664", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.05713", "scoring_system": "epss", "scoring_elements": "0.90657", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2986", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2986" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210122-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210122-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909269", "reference_id": "1909269", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909269" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35491", "reference_id": "CVE-2020-35491", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35491" }, { "reference_url": "https://github.com/advisories/GHSA-r3gr-cxrf-hg25", "reference_id": "GHSA-r3gr-cxrf-hg25", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r3gr-cxrf-hg25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-35491", "GHSA-r3gr-cxrf-hg25" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4ns-753v-f3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8569?format=api", "vulnerability_id": "VCID-beub-gxyy-ckaq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35728", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.42315", "scoring_system": "epss", "scoring_elements": "0.97538", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.42315", "scoring_system": "epss", "scoring_elements": "0.97548", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.42315", "scoring_system": "epss", "scoring_elements": "0.97547", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35728" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84" }, { "reference_url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210129-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210129-0007" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911502", "reference_id": "1911502", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911502" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2999", "reference_id": "2999", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2999" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "cpuApr2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "cpuapr2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "cpujan2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "cpujul2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "cpujul2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "cpuoct2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35728", "reference_id": "CVE-2020-35728", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35728" }, { "reference_url": "https://github.com/advisories/GHSA-5r5r-6hpj-8gg9", "reference_id": "GHSA-5r5r-6hpj-8gg9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5r5r-6hpj-8gg9" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210129-0007/", "reference_id": "ntap-20210129-0007", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210129-0007/" }, { "reference_url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/" } ], "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-35728", "GHSA-5r5r-6hpj-8gg9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-beub-gxyy-ckaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206625?format=api", "vulnerability_id": "VCID-bwma-hhuz-8kes", "summary": "Unsafe Deserialization in jackson-databind", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02413", "scoring_system": "epss", "scoring_elements": "0.85434", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02413", "scoring_system": "epss", "scoring_elements": "0.85486", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02413", "scoring_system": "epss", "scoring_elements": "0.85494", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02413", "scoring_system": "epss", "scoring_elements": "0.85485", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36186" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2997", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2997" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913931", "reference_id": "1913931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913931" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36186", "reference_id": "CVE-2020-36186", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36186" }, { "reference_url": "https://github.com/advisories/GHSA-v585-23hc-c647", "reference_id": "GHSA-v585-23hc-c647", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v585-23hc-c647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36186", "GHSA-v585-23hc-c647" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bwma-hhuz-8kes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204250?format=api", "vulnerability_id": "VCID-c6yp-rbn5-ybft", "summary": "jackson-databind polymorphic typing issue", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4192", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0159", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0160", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0161", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0445", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0445" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17531.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17531.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0119", "scoring_system": "epss", "scoring_elements": "0.79236", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0119", "scoring_system": "epss", "scoring_elements": "0.79301", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0119", "scoring_system": "epss", "scoring_elements": "0.79315", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0119", "scoring_system": "epss", "scoring_elements": "0.7931", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2498", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2498" }, { "reference_url": "https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" }, { "reference_url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191024-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191024-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191024-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20191024-0005/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293", "reference_id": "1775293", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775293" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531", "reference_id": "CVE-2019-17531", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17531" }, { "reference_url": "https://github.com/advisories/GHSA-gjmw-vf9h-g25v", "reference_id": "GHSA-gjmw-vf9h-g25v", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjmw-vf9h-g25v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0895", "reference_id": "RHSA-2020:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0899", "reference_id": "RHSA-2020:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0939", "reference_id": "RHSA-2020:0939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1644", "reference_id": "RHSA-2020:1644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2333", "reference_id": "RHSA-2020:2333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/USN-4813-1/", "reference_id": "USN-USN-4813-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4813-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15621?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/15689?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1" } ], "aliases": [ "CVE-2019-17531", "GHSA-gjmw-vf9h-g25v" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c6yp-rbn5-ybft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/177597?format=api", "vulnerability_id": "VCID-d7fc-apg8-tyh5", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3901", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0159", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0160", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0161", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0445", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0445" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16942.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16942.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.62189", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.62079", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.6218", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00415", "scoring_system": "epss", "scoring_elements": "0.62192", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/54aa38d87dcffa5ccc23e64922e9536c82c1b9c8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/54aa38d87dcffa5ccc23e64922e9536c82c1b9c8" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/9593e16cf5a3d289a9c584f7123639655de9ddac", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/9593e16cf5a3d289a9c584f7123639655de9ddac" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2478", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2478" }, { "reference_url": "https://issues.apache.org/jira/browse/GEODE-7255", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/GEODE-7255" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT" }, { "reference_url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Oct/6" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191017-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191017-0006" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4542", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4542" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187", "reference_id": "1758187", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758187" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530", "reference_id": "941530", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942", "reference_id": "CVE-2019-16942", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16942" }, { "reference_url": "https://github.com/advisories/GHSA-mx7p-6679-8g3q", "reference_id": "GHSA-mx7p-6679-8g3q", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mx7p-6679-8g3q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0895", "reference_id": "RHSA-2020:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0899", "reference_id": "RHSA-2020:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0939", "reference_id": "RHSA-2020:0939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1644", "reference_id": "RHSA-2020:1644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2321", "reference_id": "RHSA-2020:2321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2333", "reference_id": "RHSA-2020:2333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://usn.ubuntu.com/USN-4813-1/", "reference_id": "USN-USN-4813-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4813-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15621?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/15689?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1" } ], "aliases": [ "CVE-2019-16942", "GHSA-mx7p-6679-8g3q" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7fc-apg8-tyh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/152616?format=api", "vulnerability_id": "VCID-ebf2-rfym-xuck", "summary": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0691", "scoring_system": "epss", "scoring_elements": "0.9163", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0691", "scoring_system": "epss", "scoring_elements": "0.91633", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0691", "scoring_system": "epss", "scoring_elements": "0.91597", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0691", "scoring_system": "epss", "scoring_elements": "0.91626", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36184" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913928", "reference_id": "1913928", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913928" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2998", "reference_id": "2998", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2998" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "cpuApr2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "cpuapr2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "cpujan2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "cpujul2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "cpujul2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "cpuoct2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36184", "reference_id": "CVE-2020-36184", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36184" }, { "reference_url": "https://github.com/advisories/GHSA-m6x4-97wx-4q27", "reference_id": "GHSA-m6x4-97wx-4q27", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6x4-97wx-4q27" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005/", "reference_id": "ntap-20210205-0005", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "reference_url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/" } ], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36184", "GHSA-m6x4-97wx-4q27" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebf2-rfym-xuck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/165146?format=api", "vulnerability_id": "VCID-epj9-sgcj-2ygr", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3189", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3190", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0576", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0577", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2927", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2927" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15095.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15095.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15095", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07697", "scoring_system": "epss", "scoring_elements": "0.92132", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.07697", "scoring_system": "epss", "scoring_elements": "0.92102", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.07697", "scoring_system": "epss", "scoring_elements": "0.92129", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.07697", "scoring_system": "epss", "scoring_elements": "0.92135", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15095" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/a054585e2175ad0882f07bcafedecfac86230f1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/a054585e2175ad0882f07bcafedecfac86230f1b" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/a3939d36edcc755c8af55bdc1969e0fa8438f9db", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/a3939d36edcc755c8af55bdc1969e0fa8438f9db" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/e865a7a4464da63ded9f4b1a2328ad85c9ded78b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/e865a7a4464da63ded9f4b1a2328ad85c9ded78b" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/1680", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/1680" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/1737", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/1737" }, { "reference_url": "https://github.com/tolbertam/jackson-databind/commit/80566a0f96b2003863f9d8f9ccc3b562001e147b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tolbertam/jackson-databind/commit/80566a0f96b2003863f9d8f9ccc3b562001e147b" }, { "reference_url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20171214-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20171214-0003" }, { "reference_url": "https://web.archive.org/web/20200401000000*/http://www.securityfocus.com/bid/103880", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200401000000*/http://www.securityfocus.com/bid/103880" }, { "reference_url": "https://web.archive.org/web/20201221192044/http://www.securitytracker.com/id/1039769", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201221192044/http://www.securitytracker.com/id/1039769" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4037", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2017/dsa-4037" }, { "reference_url": "http://www.securityfocus.com/bid/103880", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103880" }, { "reference_url": "http://www.securitytracker.com/id/1039769", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039769" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612", "reference_id": "1506612", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", "reference_id": "CVE-2017-15095", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095" }, { "reference_url": "https://github.com/advisories/GHSA-h592-38cm-4ggp", "reference_id": "GHSA-h592-38cm-4ggp", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h592-38cm-4ggp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0342", "reference_id": "RHSA-2018:0342", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0478", "reference_id": "RHSA-2018:0478", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0479", "reference_id": "RHSA-2018:0479", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0480", "reference_id": "RHSA-2018:0480", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0481", "reference_id": "RHSA-2018:0481", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1447", "reference_id": "RHSA-2018:1447", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1448", "reference_id": "RHSA-2018:1448", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1449", "reference_id": "RHSA-2018:1449", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1450", "reference_id": "RHSA-2018:1450", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1451", "reference_id": "RHSA-2018:1451", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2858", "reference_id": "RHSA-2019:2858", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3149", "reference_id": "RHSA-2019:3149", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "RHSA-2019:3892", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://usn.ubuntu.com/4741-1/", "reference_id": "USN-4741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4741-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14267?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/389970?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/14270?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/420445?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.0.pr1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.0.pr1" }, { "url": "http://public2.vulnerablecode.io/api/packages/389971?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/14266?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" } ], "aliases": [ "CVE-2017-15095", "GHSA-h592-38cm-4ggp" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-epj9-sgcj-2ygr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30219?format=api", "vulnerability_id": "VCID-f9uf-9x2e-dkb5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1786", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1786" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2088", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2089", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2090", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2090" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2938", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2938" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7489.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7489.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7489", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36207", "scoring_system": "epss", "scoring_elements": "0.97218", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.36207", "scoring_system": "epss", "scoring_elements": "0.97209", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.36207", "scoring_system": "epss", "scoring_elements": "0.97219", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.36207", "scoring_system": "epss", "scoring_elements": "0.97216", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7489" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/1931", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/1931" }, { "reference_url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180328-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180328-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180328-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180328-0001/" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4190", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4190" }, { "reference_url": "http://www.securityfocus.com/bid/103203", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103203" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276", "reference_id": "1549276", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891614", "reference_id": "891614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891614" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489", "reference_id": "CVE-2018-7489", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, { "reference_url": "https://github.com/advisories/GHSA-cggj-fvv3-cqwv", "reference_id": "GHSA-cggj-fvv3-cqwv", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cggj-fvv3-cqwv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1447", "reference_id": "RHSA-2018:1447", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1448", "reference_id": "RHSA-2018:1448", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1449", "reference_id": "RHSA-2018:1449", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1450", "reference_id": "RHSA-2018:1450", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1451", "reference_id": "RHSA-2018:1451", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2939", "reference_id": "RHSA-2018:2939", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2858", "reference_id": "RHSA-2019:2858", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3149", "reference_id": "RHSA-2019:3149", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2562", "reference_id": "RHSA-2020:2562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2562" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13799?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skpt-rvj3-2yev" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/13803?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skpt-rvj3-2yev" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/13801?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5" } ], "aliases": [ "CVE-2018-7489", "GHSA-cggj-fvv3-cqwv" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f9uf-9x2e-dkb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206836?format=api", "vulnerability_id": "VCID-h5z6-4yu2-27dn", "summary": "Unsafe Deserialization in jackson-databind", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02715", "scoring_system": "epss", "scoring_elements": "0.86247", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02715", "scoring_system": "epss", "scoring_elements": "0.86305", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02715", "scoring_system": "epss", "scoring_elements": "0.86307", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02715", "scoring_system": "epss", "scoring_elements": "0.86297", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36185" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913929", "reference_id": "1913929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913929" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36185", "reference_id": "CVE-2020-36185", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36185" }, { "reference_url": "https://github.com/advisories/GHSA-8w26-6f25-cm9x", "reference_id": "GHSA-8w26-6f25-cm9x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8w26-6f25-cm9x" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36185", "GHSA-8w26-6f25-cm9x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h5z6-4yu2-27dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206834?format=api", "vulnerability_id": "VCID-j54g-s28q-cuhs", "summary": "Serialization gadgets exploit in jackson-databind", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03916", "scoring_system": "epss", "scoring_elements": "0.88569", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03916", "scoring_system": "epss", "scoring_elements": "0.88612", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.03916", "scoring_system": "epss", "scoring_elements": "0.88614", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.03916", "scoring_system": "epss", "scoring_elements": "0.88607", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35490" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2986", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2986" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210122-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210122-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909266", "reference_id": "1909266", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909266" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35490", "reference_id": "CVE-2020-35490", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35490" }, { "reference_url": "https://github.com/advisories/GHSA-wh8g-3j2c-rqj5", "reference_id": "GHSA-wh8g-3j2c-rqj5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wh8g-3j2c-rqj5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-35490", "GHSA-wh8g-3j2c-rqj5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j54g-s28q-cuhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5657?format=api", "vulnerability_id": "VCID-kens-84bv-f3g9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1525", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1525" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5968.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5968.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01965", "scoring_system": "epss", "scoring_elements": "0.83905", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01965", "scoring_system": "epss", "scoring_elements": "0.83962", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01965", "scoring_system": "epss", "scoring_elements": "0.8397", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01965", "scoring_system": "epss", "scoring_elements": "0.83966", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d0" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/03ea0bec6293d4330b5ad19d1d62aca0e3cb6381", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/03ea0bec6293d4330b5ad19d1d62aca0e3cb6381" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/454be8bb8c913be18298327a84ca45a280b61605", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/454be8bb8c913be18298327a84ca45a280b61605" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/1899", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/1899" }, { "reference_url": "https://github.com/GulajavaMinistudio/jackson-databind/pull/92/commits/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/GulajavaMinistudio/jackson-databind/pull/92/commits/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180423-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180423-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180423-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180423-0002/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538332", "reference_id": "1538332", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538332" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888316", "reference_id": "888316", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888316" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5968", "reference_id": "CVE-2018-5968", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5968" }, { "reference_url": "https://github.com/advisories/GHSA-w3f4-3q6j-rh82", "reference_id": "GHSA-w3f4-3q6j-rh82", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w3f4-3q6j-rh82" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0478", "reference_id": "RHSA-2018:0478", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0479", "reference_id": "RHSA-2018:0479", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0480", "reference_id": "RHSA-2018:0480", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0481", "reference_id": "RHSA-2018:0481", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2858", "reference_id": "RHSA-2019:2858", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3149", "reference_id": "RHSA-2019:3149", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3149" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14701?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/13803?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skpt-rvj3-2yev" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/14266?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4" } ], "aliases": [ "CVE-2018-5968", "GHSA-w3f4-3q6j-rh82" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kens-84bv-f3g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6577?format=api", "vulnerability_id": "VCID-ncr4-82xp-eqh5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0159", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0160", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0161", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0445", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0445" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17267.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17267.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.79278", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.79343", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.79356", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01195", "scoring_system": "epss", "scoring_elements": "0.79352", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2460", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2460" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8@%3Cdev.skywalking.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8@%3Cdev.skywalking.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191017-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191017-0006" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191017-0006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20191017-0006/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167", "reference_id": "1758167", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758167" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267", "reference_id": "CVE-2019-17267", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17267" }, { "reference_url": "https://github.com/advisories/GHSA-f3j5-rmmp-3fc5", "reference_id": "GHSA-f3j5-rmmp-3fc5", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f3j5-rmmp-3fc5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3200", "reference_id": "RHSA-2019:3200", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0895", "reference_id": "RHSA-2020:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0899", "reference_id": "RHSA-2020:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2321", "reference_id": "RHSA-2020:2321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2333", "reference_id": "RHSA-2020:2333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://usn.ubuntu.com/USN-4813-1/", "reference_id": "USN-USN-4813-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4813-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15621?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/15620?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10" } ], "aliases": [ "CVE-2019-17267", "GHSA-f3j5-rmmp-3fc5" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ncr4-82xp-eqh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30506?format=api", "vulnerability_id": "VCID-nd7y-81kk-cbhw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0782", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1822", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1823", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2804", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2804" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3140", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4037", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4037" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11307.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11307.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1243", "scoring_system": "epss", "scoring_elements": "0.94089", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.1243", "scoring_system": "epss", "scoring_elements": "0.94063", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.1243", "scoring_system": "epss", "scoring_elements": "0.94091", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.1243", "scoring_system": "epss", "scoring_elements": "0.94084", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11307" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/051bd5e447fbc9539e12a4fe90eb989dba0c656", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/051bd5e447fbc9539e12a4fe90eb989dba0c656" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb73", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb73" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/78e78738d69adcb59fdac9fc12d9053ce8809f3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/78e78738d69adcb59fdac9fc12d9053ce8809f3d" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2032", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2032" }, { "reference_url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "reference_url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677341", "reference_id": "1677341", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677341" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525", "reference_id": "CVE-2017-7525", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11307", "reference_id": "CVE-2018-11307", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11307" }, { "reference_url": "https://github.com/advisories/GHSA-qr7j-h6gg-jmgc", "reference_id": "GHSA-qr7j-h6gg-jmgc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qr7j-h6gg-jmgc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2858", "reference_id": "RHSA-2019:2858", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3149", "reference_id": "RHSA-2019:3149", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "RHSA-2019:3892", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://usn.ubuntu.com/USN-4813-1/", "reference_id": "USN-USN-4813-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4813-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/14700?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/14702?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/15097?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6" } ], "aliases": [ "CVE-2018-11307", "GHSA-qr7j-h6gg-jmgc" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nd7y-81kk-cbhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12456?format=api", "vulnerability_id": "VCID-rg6h-uhep-kyce", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52995", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.53013", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52869", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52997", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42003" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3590", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/3590" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3627", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/3627" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221124-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221124-0004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244", "reference_id": "2135244", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "reference_id": "CVE-2022-42003", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" }, { "reference_url": "https://github.com/advisories/GHSA-jjjh-jjxp-wpff", "reference_id": "GHSA-jjjh-jjxp-wpff", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjjh-jjxp-wpff" }, { "reference_url": "https://security.gentoo.org/glsa/202210-21", "reference_id": "GLSA-202210-21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202210-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7435", "reference_id": "RHSA-2022:7435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8781", "reference_id": "RHSA-2022:8781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8876", "reference_id": "RHSA-2022:8876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8889", "reference_id": "RHSA-2022:8889", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9023", "reference_id": "RHSA-2022:9023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9032", "reference_id": "RHSA-2022:9032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9032" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0189", "reference_id": "RHSA-2023:0189", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0261", "reference_id": "RHSA-2023:0261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0264", "reference_id": "RHSA-2023:0264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0469", "reference_id": "RHSA-2023:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0471", "reference_id": "RHSA-2023:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0552", "reference_id": "RHSA-2023:0552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0553", "reference_id": "RHSA-2023:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0554", "reference_id": "RHSA-2023:0554", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0554" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0556", "reference_id": "RHSA-2023:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0713", "reference_id": "RHSA-2023:0713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1006", "reference_id": "RHSA-2023:1006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1043", "reference_id": "RHSA-2023:1043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1044", "reference_id": "RHSA-2023:1044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1045", "reference_id": "RHSA-2023:1045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1047", "reference_id": "RHSA-2023:1047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1049", "reference_id": "RHSA-2023:1049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1064", "reference_id": "RHSA-2023:1064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1151", "reference_id": "RHSA-2023:1151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2100", "reference_id": "RHSA-2023:2100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2135", "reference_id": "RHSA-2023:2135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3223", "reference_id": "RHSA-2023:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3641", "reference_id": "RHSA-2023:3641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3641" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3663", "reference_id": "RHSA-2023:3663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1746", "reference_id": "RHSA-2025:1746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1747", "reference_id": "RHSA-2025:1747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1747" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27212?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/27213?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2" } ], "aliases": [ "CVE-2022-42003", "GHSA-jjjh-jjxp-wpff" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rg6h-uhep-kyce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6826?format=api", "vulnerability_id": "VCID-rwt6-z926-bfht", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01863", "scoring_system": "epss", "scoring_elements": "0.83543", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01863", "scoring_system": "epss", "scoring_elements": "0.83546", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01863", "scoring_system": "epss", "scoring_elements": "0.83538", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01863", "scoring_system": "epss", "scoring_elements": "0.83478", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20330" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/eb254813cc822d0af015ce8fe05febf50721dc53", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/eb254813cc822d0af015ce8fe05febf50721dc53" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2526", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2526" }, { "reference_url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200127-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200127-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200127-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200127-0004/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793154", "reference_id": "1793154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793154" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20330", "reference_id": "CVE-2019-20330", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20330" }, { "reference_url": "https://github.com/advisories/GHSA-gww7-p5w4-wrfv", "reference_id": "GHSA-gww7-p5w4-wrfv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gww7-p5w4-wrfv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0939", "reference_id": "RHSA-2020:0939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0951", "reference_id": "RHSA-2020:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1644", "reference_id": "RHSA-2020:1644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2333", "reference_id": "RHSA-2020:2333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3196", "reference_id": "RHSA-2020:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3197", "reference_id": "RHSA-2020:3197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3197" }, { "reference_url": "https://usn.ubuntu.com/USN-4813-1/", "reference_id": "USN-USN-4813-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4813-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16217?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/15621?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/16215?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.2" } ], "aliases": [ "CVE-2019-20330", "GHSA-gww7-p5w4-wrfv" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rwt6-z926-bfht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204809?format=api", "vulnerability_id": "VCID-ysq3-uksg-8uhe", "summary": "Polymorphic deserialization of malicious object in jackson-databind", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0729", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0729" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14893.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14893.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14893", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76956", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76941", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76949", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00956", "scoring_system": "epss", "scoring_elements": "0.76871", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14893" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/998efd708284778f29d83d7962a9bd935c228317", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/998efd708284778f29d83d7962a9bd935c228317" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2469", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2469" }, { "reference_url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200327-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200327-0006" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200327-0006/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200327-0006/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182", "reference_id": "1758182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758182" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893", "reference_id": "CVE-2019-14893", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14893" }, { "reference_url": "https://github.com/advisories/GHSA-qmqc-x3r4-6v39", "reference_id": "GHSA-qmqc-x3r4-6v39", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qmqc-x3r4-6v39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0895", "reference_id": "RHSA-2020:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0899", "reference_id": "RHSA-2020:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2333", "reference_id": "RHSA-2020:2333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15621?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/15620?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10" } ], "aliases": [ "CVE-2019-14893", "GHSA-qmqc-x3r4-6v39" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ysq3-uksg-8uhe" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206841?format=api", "vulnerability_id": "VCID-1ra8-71p6-hfhx", "summary": "Unsafe Deserialization in jackson-databind", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36189.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36189.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03941", "scoring_system": "epss", "scoring_elements": "0.88606", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03941", "scoring_system": "epss", "scoring_elements": "0.8865", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.03941", "scoring_system": "epss", "scoring_elements": "0.88652", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.03941", "scoring_system": "epss", "scoring_elements": "0.88645", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36189" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2996", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2996" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913937", "reference_id": "1913937", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913937" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36189", "reference_id": "CVE-2020-36189", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36189" }, { "reference_url": "https://github.com/advisories/GHSA-vfqx-33qm-g869", "reference_id": "GHSA-vfqx-33qm-g869", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vfqx-33qm-g869" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13804?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-epj9-sgcj-2ygr" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36189", "GHSA-vfqx-33qm-g869" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ra8-71p6-hfhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/152865?format=api", "vulnerability_id": "VCID-5agh-kwt7-hqfg", "summary": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36182.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02715", "scoring_system": "epss", "scoring_elements": "0.86305", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02715", "scoring_system": "epss", "scoring_elements": "0.86307", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02715", "scoring_system": "epss", "scoring_elements": "0.86247", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02715", "scoring_system": "epss", "scoring_elements": "0.86297", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36182" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36182", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36182" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913926", "reference_id": "1913926", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913926" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3004", "reference_id": "3004", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "cpuApr2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "cpuapr2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "cpujan2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "cpujul2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "cpujul2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "cpuoct2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36182", "reference_id": "CVE-2020-36182", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36182" }, { "reference_url": "https://github.com/advisories/GHSA-89qr-369f-5m5x", "reference_id": "GHSA-89qr-369f-5m5x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-89qr-369f-5m5x" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005/", "reference_id": "ntap-20210205-0005", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "reference_url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/" } ], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13804?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-epj9-sgcj-2ygr" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36182", "GHSA-89qr-369f-5m5x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5agh-kwt7-hqfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/152596?format=api", "vulnerability_id": "VCID-adym-dppz-vfa2", "summary": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36180.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02941", "scoring_system": "epss", "scoring_elements": "0.86799", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02941", "scoring_system": "epss", "scoring_elements": "0.86802", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02941", "scoring_system": "epss", "scoring_elements": "0.86791", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02941", "scoring_system": "epss", "scoring_elements": "0.86743", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36180" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36180" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913872", "reference_id": "1913872", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913872" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3004", "reference_id": "3004", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "cpuApr2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "cpuapr2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "cpujan2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "cpujul2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "cpujul2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "cpuoct2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36180", "reference_id": "CVE-2020-36180", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36180" }, { "reference_url": "https://github.com/advisories/GHSA-8c4j-34r4-xr8g", "reference_id": "GHSA-8c4j-34r4-xr8g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8c4j-34r4-xr8g" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005/", "reference_id": "ntap-20210205-0005", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "reference_url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/" } ], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13804?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-epj9-sgcj-2ygr" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36180", "GHSA-8c4j-34r4-xr8g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-adym-dppz-vfa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206838?format=api", "vulnerability_id": "VCID-cncf-xv4s-cbb2", "summary": "Unsafe Deserialization in jackson-databind", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36188.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36188.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0944", "scoring_system": "epss", "scoring_elements": "0.92987", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0944", "scoring_system": "epss", "scoring_elements": "0.93011", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0944", "scoring_system": "epss", "scoring_elements": "0.93012", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0944", "scoring_system": "epss", "scoring_elements": "0.9301", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36188" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36188", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36188" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2996", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2996" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913934", "reference_id": "1913934", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913934" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36188", "reference_id": "CVE-2020-36188", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36188" }, { "reference_url": "https://github.com/advisories/GHSA-f9xh-2qgp-cq57", "reference_id": "GHSA-f9xh-2qgp-cq57", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f9xh-2qgp-cq57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13804?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-epj9-sgcj-2ygr" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36188", "GHSA-f9xh-2qgp-cq57" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cncf-xv4s-cbb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30219?format=api", "vulnerability_id": "VCID-f9uf-9x2e-dkb5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1786", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1786" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2088", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2089", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2090", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2090" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2938", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2938" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7489.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7489.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7489", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36207", "scoring_system": "epss", "scoring_elements": "0.97218", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.36207", "scoring_system": "epss", "scoring_elements": "0.97209", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.36207", "scoring_system": "epss", "scoring_elements": "0.97219", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.36207", "scoring_system": "epss", "scoring_elements": "0.97216", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7489" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/1931", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/1931" }, { "reference_url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180328-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180328-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180328-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180328-0001/" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4190", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4190" }, { "reference_url": "http://www.securityfocus.com/bid/103203", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103203" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276", "reference_id": "1549276", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891614", "reference_id": "891614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891614" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489", "reference_id": "CVE-2018-7489", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, { "reference_url": "https://github.com/advisories/GHSA-cggj-fvv3-cqwv", "reference_id": "GHSA-cggj-fvv3-cqwv", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cggj-fvv3-cqwv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1447", "reference_id": "RHSA-2018:1447", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1448", "reference_id": "RHSA-2018:1448", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1449", "reference_id": "RHSA-2018:1449", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1450", "reference_id": "RHSA-2018:1450", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1451", "reference_id": "RHSA-2018:1451", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2939", "reference_id": "RHSA-2018:2939", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2858", "reference_id": "RHSA-2019:2858", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3149", "reference_id": "RHSA-2019:3149", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2562", "reference_id": "RHSA-2020:2562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2562" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13804?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-epj9-sgcj-2ygr" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/13799?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skpt-rvj3-2yev" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/13803?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-skpt-rvj3-2yev" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/13801?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5j5q-hb8b-7ybh" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-7zr2-u3f1-jqd1" }, { "vulnerability": "VCID-83rf-bazr-nyfm" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9wy4-n4u7-pycp" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-9xet-5e66-1yeb" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-aswz-ykun-tuhz" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-cdde-bu2g-33hc" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-dcvw-72d9-kuda" }, { "vulnerability": "VCID-e865-k4uj-u7dc" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-gkxx-gcqv-1kfa" }, { "vulnerability": "VCID-gu8e-dgse-2be4" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-j5vg-pbkx-3ya4" }, { "vulnerability": "VCID-j7qz-xhu9-aydr" }, { "vulnerability": "VCID-jftj-9w4n-w3dn" }, { "vulnerability": "VCID-kecy-wbgw-x7fu" }, { "vulnerability": "VCID-nasd-q68s-nqcu" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-punf-m42j-27g8" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-s846-v89n-pfb4" }, { "vulnerability": "VCID-skzq-uaju-hqa7" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-v2ad-amun-wqaq" }, { "vulnerability": "VCID-wcx6-jegk-mqg5" }, { "vulnerability": "VCID-y8zh-9nz1-6bh4" }, { "vulnerability": "VCID-yk4b-82wg-auf5" }, { "vulnerability": "VCID-ykb2-yqj3-vfgw" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" }, { "vulnerability": "VCID-yn5b-b6qq-xffs" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" }, { "vulnerability": "VCID-yv39-gzve-yke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5" } ], "aliases": [ "CVE-2018-7489", "GHSA-cggj-fvv3-cqwv" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f9uf-9x2e-dkb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8169?format=api", "vulnerability_id": "VCID-j7qz-xhu9-aydr", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24750.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24750.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01997", "scoring_system": "epss", "scoring_elements": "0.84026", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01997", "scoring_system": "epss", "scoring_elements": "0.84086", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01997", "scoring_system": "epss", "scoring_elements": "0.8409", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01997", "scoring_system": "epss", "scoring_elements": "0.84083", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2798", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2798" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20201009-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20201009-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20201009-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20201009-0003/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882310", "reference_id": "1882310", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882310" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24750", "reference_id": "CVE-2020-24750", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24750" }, { "reference_url": "https://github.com/advisories/GHSA-qjw2-hr98-qgfh", "reference_id": "GHSA-qjw2-hr98-qgfh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjw2-hr98-qgfh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4173", "reference_id": "RHSA-2020:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5635", "reference_id": "RHSA-2020:5635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13804?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-epj9-sgcj-2ygr" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18246?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-pbp8-csc6-57bs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6" } ], "aliases": [ "CVE-2020-24750", "GHSA-qjw2-hr98-qgfh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7qz-xhu9-aydr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/152692?format=api", "vulnerability_id": "VCID-kan7-fez2-e7hw", "summary": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36179.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.56454", "scoring_system": "epss", "scoring_elements": "0.98166", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.56454", "scoring_system": "epss", "scoring_elements": "0.98159", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36179" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b" }, { "reference_url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913871", "reference_id": "1913871", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913871" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3004", "reference_id": "3004", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "cpuApr2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "cpuapr2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "cpujan2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "cpujul2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "cpujul2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "cpuoct2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36179", "reference_id": "CVE-2020-36179", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36179" }, { "reference_url": "https://github.com/advisories/GHSA-9gph-22xh-8x98", "reference_id": "GHSA-9gph-22xh-8x98", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9gph-22xh-8x98" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005/", "reference_id": "ntap-20210205-0005", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "reference_url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/" } ], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E", "reference_id": "rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/" } ], "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13804?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-epj9-sgcj-2ygr" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36179", "GHSA-9gph-22xh-8x98" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kan7-fez2-e7hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206840?format=api", "vulnerability_id": "VCID-tgta-jaet-vfd3", "summary": "Unsafe Deserialization in jackson-databind", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02147", "scoring_system": "epss", "scoring_elements": "0.84605", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02147", "scoring_system": "epss", "scoring_elements": "0.84661", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02147", "scoring_system": "epss", "scoring_elements": "0.84668", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02147", "scoring_system": "epss", "scoring_elements": "0.84658", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2997", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2997" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913933", "reference_id": "1913933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913933" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36187", "reference_id": "CVE-2020-36187", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36187" }, { "reference_url": "https://github.com/advisories/GHSA-r695-7vr9-jgc2", "reference_id": "GHSA-r695-7vr9-jgc2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r695-7vr9-jgc2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13804?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-epj9-sgcj-2ygr" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36187", "GHSA-r695-7vr9-jgc2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgta-jaet-vfd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8926?format=api", "vulnerability_id": "VCID-v42h-2qqy-nye9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20190.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20190.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66607", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66609", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66594", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66501", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20190" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20190", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20190" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a" }, { "reference_url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210219-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210219-0008" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2854", "reference_id": "2854", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/2854" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "cpujul2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://github.com/advisories/GHSA-5949-rw7g-wx7w", "reference_id": "GHSA-5949-rw7g-wx7w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5949-rw7g-wx7w" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210219-0008/", "reference_id": "ntap-20210219-0008", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210219-0008/" }, { "reference_url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E", "reference_id": "r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/" } ], "url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633", "reference_id": "show_bug.cgi?id=1916633", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13804?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-epj9-sgcj-2ygr" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18247?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-tgta-jaet-vfd3" }, { "vulnerability": "VCID-ymmu-u1mr-v7ae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.7" } ], "aliases": [ "CVE-2021-20190", "GHSA-5949-rw7g-wx7w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v42h-2qqy-nye9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/152857?format=api", "vulnerability_id": "VCID-xvd9-dwsf-4qd7", "summary": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36181.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36181.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05412", "scoring_system": "epss", "scoring_elements": "0.90351", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05412", "scoring_system": "epss", "scoring_elements": "0.90389", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.05412", "scoring_system": "epss", "scoring_elements": "0.90381", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36181" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913874", "reference_id": "1913874", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913874" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3004", "reference_id": "3004", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "cpuApr2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "cpuapr2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "cpujan2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "cpujul2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "cpujul2022.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "cpuoct2021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36181", "reference_id": "CVE-2020-36181", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36181" }, { "reference_url": "https://github.com/advisories/GHSA-cvm9-fjm9-3572", "reference_id": "GHSA-cvm9-fjm9-3572", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cvm9-fjm9-3572" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005/", "reference_id": "ntap-20210205-0005", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "reference_url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/" } ], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13804?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-epj9-sgcj-2ygr" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36181", "GHSA-cvm9-fjm9-3572" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvd9-dwsf-4qd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206837?format=api", "vulnerability_id": "VCID-ymmu-u1mr-v7ae", "summary": "Unsafe Deserialization in jackson-databind", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02061", "scoring_system": "epss", "scoring_elements": "0.8428", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02061", "scoring_system": "epss", "scoring_elements": "0.84338", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02061", "scoring_system": "epss", "scoring_elements": "0.84344", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02061", "scoring_system": "epss", "scoring_elements": "0.84335", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36183" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3003", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FasterXML/jackson-databind/issues/3003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913927", "reference_id": "1913927", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913927" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36183", "reference_id": "CVE-2020-36183", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36183" }, { "reference_url": "https://github.com/advisories/GHSA-9m6f-7xcq-8vf8", "reference_id": "GHSA-9m6f-7xcq-8vf8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9m6f-7xcq-8vf8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1230", "reference_id": "RHSA-2021:1230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1515", "reference_id": "RHSA-2021:1515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13804?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-176g-xhm6-37cm" }, { "vulnerability": "VCID-1rbn-tr82-nfhs" }, { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-3e79-1pn2-hqbr" }, { "vulnerability": "VCID-5qe3-9uq1-w3fa" }, { "vulnerability": "VCID-6mm1-mbhs-23bw" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-9wva-fncp-5khs" }, { "vulnerability": "VCID-9x2p-xss7-yyae" }, { "vulnerability": "VCID-a4ns-753v-f3a4" }, { "vulnerability": "VCID-beub-gxyy-ckaq" }, { "vulnerability": "VCID-bwma-hhuz-8kes" }, { "vulnerability": "VCID-c6yp-rbn5-ybft" }, { "vulnerability": "VCID-d7fc-apg8-tyh5" }, { "vulnerability": "VCID-ebf2-rfym-xuck" }, { "vulnerability": "VCID-epj9-sgcj-2ygr" }, { "vulnerability": "VCID-f9uf-9x2e-dkb5" }, { "vulnerability": "VCID-h5z6-4yu2-27dn" }, { "vulnerability": "VCID-j54g-s28q-cuhs" }, { "vulnerability": "VCID-kens-84bv-f3g9" }, { "vulnerability": "VCID-ncr4-82xp-eqh5" }, { "vulnerability": "VCID-nd7y-81kk-cbhw" }, { "vulnerability": "VCID-rg6h-uhep-kyce" }, { "vulnerability": "VCID-rwt6-z926-bfht" }, { "vulnerability": "VCID-ysq3-uksg-8uhe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/18066?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zgj-pwjz-tkf9" }, { "vulnerability": "VCID-9gek-hwbv-87hc" }, { "vulnerability": "VCID-rg6h-uhep-kyce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36183", "GHSA-9m6f-7xcq-8vf8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymmu-u1mr-v7ae" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }