Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.0-rc4
Typemaven
Namespacecom.fasterxml.jackson.core
Namejackson-databind
Version2.6.0-rc4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.12.7.1
Latest_non_vulnerable_version2.16.0
Affected_by_vulnerabilities
0
url VCID-1uan-q6u8-affj
vulnerability_id VCID-1uan-q6u8-affj
summary 
Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the `commons-dbcp` jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of `org.apache.commons.dbcp.datasources.SharedPoolDataSource` and `org.apache.commons.dbcp.datasources.PerUserPoolDataSource` mishandling.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3901
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3901
1
reference_url https://access.redhat.com/errata/RHSA-2020:0159
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0159
2
reference_url https://access.redhat.com/errata/RHSA-2020:0160
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0160
3
reference_url https://access.redhat.com/errata/RHSA-2020:0161
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0161
4
reference_url https://access.redhat.com/errata/RHSA-2020:0164
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0164
5
reference_url https://access.redhat.com/errata/RHSA-2020:0445
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0445
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16942.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16942.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16942
reference_id
reference_type
scores
0
value 0.00426
scoring_system epss
scoring_elements 0.62654
published_at 2026-06-05T12:55:00Z
1
value 0.00426
scoring_system epss
scoring_elements 0.62609
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16942
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
14
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
15
reference_url https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b
16
reference_url https://github.com/FasterXML/jackson-databind/commit/54aa38d87dcffa5ccc23e64922e9536c82c1b9c8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/54aa38d87dcffa5ccc23e64922e9536c82c1b9c8
17
reference_url https://github.com/FasterXML/jackson-databind/commit/9593e16cf5a3d289a9c584f7123639655de9ddac
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/9593e16cf5a3d289a9c584f7123639655de9ddac
18
reference_url https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f
19
reference_url https://github.com/FasterXML/jackson-databind/issues/2478
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2478
20
reference_url https://issues.apache.org/jira/browse/GEODE-7255
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/GEODE-7255
21
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
29
reference_url https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT
32
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
33
reference_url https://seclists.org/bugtraq/2019/Oct/6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Oct/6
34
reference_url https://security.netapp.com/advisory/ntap-20191017-0006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191017-0006
35
reference_url https://www.debian.org/security/2019/dsa-4542
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4542
36
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
37
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
38
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
39
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
40
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
41
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
42
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1758187
reference_id 1758187
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1758187
43
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530
reference_id 941530
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530
44
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16942
reference_id CVE-2019-16942
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16942
45
reference_url https://github.com/advisories/GHSA-mx7p-6679-8g3q
reference_id GHSA-mx7p-6679-8g3q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mx7p-6679-8g3q
46
reference_url https://access.redhat.com/errata/RHSA-2020:0895
reference_id RHSA-2020:0895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0895
47
reference_url https://access.redhat.com/errata/RHSA-2020:0899
reference_id RHSA-2020:0899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0899
48
reference_url https://access.redhat.com/errata/RHSA-2020:0939
reference_id RHSA-2020:0939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0939
49
reference_url https://access.redhat.com/errata/RHSA-2020:1644
reference_id RHSA-2020:1644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1644
50
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
51
reference_url https://access.redhat.com/errata/RHSA-2020:2321
reference_id RHSA-2020:2321
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2321
52
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
53
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
54
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8ec9-5qt4-duat
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-cnns-pjex-4ybt
11
vulnerability VCID-ez2q-xgz1-rkab
12
vulnerability VCID-fkct-tzwg-mkh8
13
vulnerability VCID-kdkp-1ucy-w3g1
14
vulnerability VCID-m3y5-xa6w-83b6
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-qx3m-tcqj-ukc2
17
vulnerability VCID-r92s-4m4x-dqc7
18
vulnerability VCID-r94a-3fq2-efdg
19
vulnerability VCID-rfqz-nf3z-v3a3
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-tfky-edec-13gw
23
vulnerability VCID-ujnp-2f3v-s3h3
24
vulnerability VCID-uzry-ts4t-fbc8
25
vulnerability VCID-vnh3-bvyq-13d6
26
vulnerability VCID-vqke-p81x-sffn
27
vulnerability VCID-w1c4-c4xs-yba4
28
vulnerability VCID-w7nq-y9sx-nfcc
29
vulnerability VCID-xqz3-k7ts-juck
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-88hx-kauy-4fcy
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-nz1v-4hgs-6yge
11
vulnerability VCID-qx3m-tcqj-ukc2
12
vulnerability VCID-r92s-4m4x-dqc7
13
vulnerability VCID-r94a-3fq2-efdg
14
vulnerability VCID-rfqz-nf3z-v3a3
15
vulnerability VCID-s61k-e43h-13b5
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-t79w-jeyp-suaw
18
vulnerability VCID-u37s-5nn4-wqbx
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-wqg8-5kwe-vuem
24
vulnerability VCID-xqz3-k7ts-juck
25
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z31-s1cu-bbh4
1
vulnerability VCID-314g-t8xy-5khg
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-89dx-2s8k-mufw
5
vulnerability VCID-8fr2-v728-cfcc
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-c1uz-emh5-9fhe
8
vulnerability VCID-crra-28kn-mqab
9
vulnerability VCID-dd77-bpcr-zfam
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-gxpn-pz3c-gugf
12
vulnerability VCID-nz1v-4hgs-6yge
13
vulnerability VCID-q6zd-khan-9yhj
14
vulnerability VCID-q7ye-13eq-vuhy
15
vulnerability VCID-qx3m-tcqj-ukc2
16
vulnerability VCID-r92s-4m4x-dqc7
17
vulnerability VCID-r94a-3fq2-efdg
18
vulnerability VCID-rfqz-nf3z-v3a3
19
vulnerability VCID-rsg7-5tup-4bd1
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-ujnp-2f3v-s3h3
23
vulnerability VCID-uzry-ts4t-fbc8
24
vulnerability VCID-vnh3-bvyq-13d6
25
vulnerability VCID-w1c4-c4xs-yba4
26
vulnerability VCID-w5gg-jtut-qkcc
27
vulnerability VCID-xqz3-k7ts-juck
28
vulnerability VCID-y3uj-myy6-kbha
29
vulnerability VCID-z9uf-p9w2-57fj
30
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1
aliases CVE-2019-16942, GHSA-mx7p-6679-8g3q
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uan-q6u8-affj
1
url VCID-5887-pcyq-nkht
vulnerability_id VCID-5887-pcyq-nkht
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35728
reference_id
reference_type
scores
0
value 0.42315
scoring_system epss
scoring_elements 0.97526
published_at 2026-06-05T12:55:00Z
1
value 0.42315
scoring_system epss
scoring_elements 0.9752
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35728
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2999
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://github.com/FasterXML/jackson-databind/issues/2999
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
9
reference_url https://security.netapp.com/advisory/ntap-20210129-0007
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210129-0007
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1911502
reference_id 1911502
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1911502
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35728
reference_id CVE-2020-35728
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35728
18
reference_url https://github.com/advisories/GHSA-5r5r-6hpj-8gg9
reference_id GHSA-5r5r-6hpj-8gg9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r5r-6hpj-8gg9
19
reference_url https://security.netapp.com/advisory/ntap-20210129-0007/
reference_id ntap-20210129-0007
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://security.netapp.com/advisory/ntap-20210129-0007/
20
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
21
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fr2-v728-cfcc
1
vulnerability VCID-r94a-3fq2-efdg
2
vulnerability VCID-w1c4-c4xs-yba4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-35728, GHSA-5r5r-6hpj-8gg9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5887-pcyq-nkht
2
url VCID-7svn-u8ub-4faw
vulnerability_id VCID-7svn-u8ub-4faw
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind lacks certain `xbean-reflect/JNDI` blocking, as demonstrated by `org.apache.xbean.propertyeditor.JndiConverter`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8840.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8840.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8840
reference_id
reference_type
scores
0
value 0.08109
scoring_system epss
scoring_elements 0.92318
published_at 2026-06-05T12:55:00Z
1
value 0.08109
scoring_system epss
scoring_elements 0.92304
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8840
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/commit/74aba4042fce35ee0b91bd2847e788c10040d78b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/74aba4042fce35ee0b91bd2847e788c10040d78b
5
reference_url https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
6
reference_url https://github.com/FasterXML/jackson-databind/commit/9bb52c7122271df75435ec7e66ecf6b02b1ee14f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/9bb52c7122271df75435ec7e66ecf6b02b1ee14f
7
reference_url https://github.com/FasterXML/jackson-databind/issues/2620
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2620
8
reference_url https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db@%3Ccommits.druid.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e@%3Cdev.ranger.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657@%3Cdev.ranger.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3@%3Ccommits.druid.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da@%3Cnotifications.zookeeper.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2@%3Ccommits.druid.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71@%3Cnotifications.zookeeper.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec@%3Cdev.ranger.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3@%3Ccommits.zookeeper.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38@%3Cdev.ranger.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5@%3Cissues.zookeeper.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116@%3Cdev.ranger.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485@%3Cissues.zookeeper.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1@%3Cdev.ranger.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718@%3Cdev.ranger.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7@%3Cdev.zookeeper.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987@%3Cdev.ranger.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1@%3Cnotifications.zookeeper.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89@%3Cissues.zookeeper.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e@%3Ccommits.zookeeper.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf@%3Cdev.ranger.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a@%3Cdev.ranger.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013@%3Cdev.ranger.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8@%3Cdev.ranger.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23@%3Ccommits.zookeeper.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c@%3Cissues.zookeeper.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21@%3Ccommits.zookeeper.apache.org%3E
43
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
44
reference_url https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91@%3Cdev.ranger.apache.org%3E
45
reference_url https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a@%3Cdev.ranger.apache.org%3E
46
reference_url https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html
47
reference_url https://security.netapp.com/advisory/ntap-20200327-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200327-0002
48
reference_url https://security.netapp.com/advisory/ntap-20200327-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200327-0002/
49
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
50
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
51
reference_url http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en
52
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1816330
reference_id 1816330
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1816330
53
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8840
reference_id CVE-2020-8840
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8840
54
reference_url https://github.com/advisories/GHSA-4w82-r329-3q67
reference_id GHSA-4w82-r329-3q67
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4w82-r329-3q67
55
reference_url https://access.redhat.com/errata/RHSA-2020:1644
reference_id RHSA-2020:1644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1644
56
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
57
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
58
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
59
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
60
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
61
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
62
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
63
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
64
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
65
reference_url https://access.redhat.com/errata/RHSA-2020:3637
reference_id RHSA-2020:3637
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3637
66
reference_url https://access.redhat.com/errata/RHSA-2020:3638
reference_id RHSA-2020:3638
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3638
67
reference_url https://access.redhat.com/errata/RHSA-2020:3639
reference_id RHSA-2020:3639
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3639
68
reference_url https://access.redhat.com/errata/RHSA-2020:3642
reference_id RHSA-2020:3642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3642
69
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
70
reference_url https://access.redhat.com/errata/RHSA-2020:4366
reference_id RHSA-2020:4366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4366
71
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
72
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.4
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-5887-pcyq-nkht
2
vulnerability VCID-88hx-kauy-4fcy
3
vulnerability VCID-8ec9-5qt4-duat
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-ez2q-xgz1-rkab
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-kdkp-1ucy-w3g1
12
vulnerability VCID-m3y5-xa6w-83b6
13
vulnerability VCID-nz1v-4hgs-6yge
14
vulnerability VCID-qx3m-tcqj-ukc2
15
vulnerability VCID-r92s-4m4x-dqc7
16
vulnerability VCID-r94a-3fq2-efdg
17
vulnerability VCID-rfqz-nf3z-v3a3
18
vulnerability VCID-s61k-e43h-13b5
19
vulnerability VCID-skd6-gqh8-sbba
20
vulnerability VCID-tfky-edec-13gw
21
vulnerability VCID-uzry-ts4t-fbc8
22
vulnerability VCID-vnh3-bvyq-13d6
23
vulnerability VCID-vqke-p81x-sffn
24
vulnerability VCID-w1c4-c4xs-yba4
25
vulnerability VCID-w7nq-y9sx-nfcc
26
vulnerability VCID-xqz3-k7ts-juck
27
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.4
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-88hx-kauy-4fcy
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-nz1v-4hgs-6yge
11
vulnerability VCID-qx3m-tcqj-ukc2
12
vulnerability VCID-r92s-4m4x-dqc7
13
vulnerability VCID-r94a-3fq2-efdg
14
vulnerability VCID-rfqz-nf3z-v3a3
15
vulnerability VCID-s61k-e43h-13b5
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-t4kd-zjrn-kueu
18
vulnerability VCID-t79w-jeyp-suaw
19
vulnerability VCID-u37s-5nn4-wqbx
20
vulnerability VCID-uzry-ts4t-fbc8
21
vulnerability VCID-vnh3-bvyq-13d6
22
vulnerability VCID-vqke-p81x-sffn
23
vulnerability VCID-w1c4-c4xs-yba4
24
vulnerability VCID-w7nq-y9sx-nfcc
25
vulnerability VCID-wqg8-5kwe-vuem
26
vulnerability VCID-xqz3-k7ts-juck
27
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-88hx-kauy-4fcy
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-nz1v-4hgs-6yge
11
vulnerability VCID-qx3m-tcqj-ukc2
12
vulnerability VCID-r92s-4m4x-dqc7
13
vulnerability VCID-r94a-3fq2-efdg
14
vulnerability VCID-rfqz-nf3z-v3a3
15
vulnerability VCID-s61k-e43h-13b5
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-t79w-jeyp-suaw
18
vulnerability VCID-u37s-5nn4-wqbx
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-wqg8-5kwe-vuem
24
vulnerability VCID-xqz3-k7ts-juck
25
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
3
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z31-s1cu-bbh4
1
vulnerability VCID-314g-t8xy-5khg
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-89dx-2s8k-mufw
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8kwc-sxvr-skgp
6
vulnerability VCID-c1uz-emh5-9fhe
7
vulnerability VCID-crra-28kn-mqab
8
vulnerability VCID-dd77-bpcr-zfam
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-gxpn-pz3c-gugf
11
vulnerability VCID-nz1v-4hgs-6yge
12
vulnerability VCID-q6zd-khan-9yhj
13
vulnerability VCID-q7ye-13eq-vuhy
14
vulnerability VCID-qx3m-tcqj-ukc2
15
vulnerability VCID-r92s-4m4x-dqc7
16
vulnerability VCID-r94a-3fq2-efdg
17
vulnerability VCID-rfqz-nf3z-v3a3
18
vulnerability VCID-rsg7-5tup-4bd1
19
vulnerability VCID-s61k-e43h-13b5
20
vulnerability VCID-skd6-gqh8-sbba
21
vulnerability VCID-ujnp-2f3v-s3h3
22
vulnerability VCID-vnh3-bvyq-13d6
23
vulnerability VCID-w1c4-c4xs-yba4
24
vulnerability VCID-w5gg-jtut-qkcc
25
vulnerability VCID-xqz3-k7ts-juck
26
vulnerability VCID-y3uj-myy6-kbha
27
vulnerability VCID-z9uf-p9w2-57fj
28
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.3
aliases CVE-2020-8840, GHSA-4w82-r329-3q67
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7svn-u8ub-4faw
3
url VCID-88hx-kauy-4fcy
vulnerability_id VCID-88hx-kauy-4fcy
summary 
Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind. It is related to `net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3200
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3200
1
reference_url https://access.redhat.com/errata/RHSA-2020:0159
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0159
2
reference_url https://access.redhat.com/errata/RHSA-2020:0160
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0160
3
reference_url https://access.redhat.com/errata/RHSA-2020:0161
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0161
4
reference_url https://access.redhat.com/errata/RHSA-2020:0164
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0164
5
reference_url https://access.redhat.com/errata/RHSA-2020:0445
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0445
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17267.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17267.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17267
reference_id
reference_type
scores
0
value 0.01228
scoring_system epss
scoring_elements 0.79514
published_at 2026-06-05T12:55:00Z
1
value 0.01228
scoring_system epss
scoring_elements 0.79486
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17267
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
11
reference_url https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb
12
reference_url https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10
13
reference_url https://github.com/FasterXML/jackson-databind/issues/2460
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2460
14
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8@%3Cdev.skywalking.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8@%3Cdev.skywalking.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
21
reference_url https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html
22
reference_url https://security.netapp.com/advisory/ntap-20191017-0006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191017-0006
23
reference_url https://security.netapp.com/advisory/ntap-20191017-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191017-0006/
24
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
25
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
26
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1758167
reference_id 1758167
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1758167
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-17267
reference_id CVE-2019-17267
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-17267
29
reference_url https://github.com/advisories/GHSA-f3j5-rmmp-3fc5
reference_id GHSA-f3j5-rmmp-3fc5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3j5-rmmp-3fc5
30
reference_url https://access.redhat.com/errata/RHSA-2020:0895
reference_id RHSA-2020:0895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0895
31
reference_url https://access.redhat.com/errata/RHSA-2020:0899
reference_id RHSA-2020:0899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0899
32
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
33
reference_url https://access.redhat.com/errata/RHSA-2020:2321
reference_id RHSA-2020:2321
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2321
34
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
35
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
36
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-88hx-kauy-4fcy
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-nz1v-4hgs-6yge
11
vulnerability VCID-qx3m-tcqj-ukc2
12
vulnerability VCID-r92s-4m4x-dqc7
13
vulnerability VCID-r94a-3fq2-efdg
14
vulnerability VCID-rfqz-nf3z-v3a3
15
vulnerability VCID-s61k-e43h-13b5
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-t79w-jeyp-suaw
18
vulnerability VCID-u37s-5nn4-wqbx
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-wqg8-5kwe-vuem
24
vulnerability VCID-xqz3-k7ts-juck
25
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-314g-t8xy-5khg
3
vulnerability VCID-5887-pcyq-nkht
4
vulnerability VCID-7svn-u8ub-4faw
5
vulnerability VCID-89dx-2s8k-mufw
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-c1uz-emh5-9fhe
11
vulnerability VCID-crra-28kn-mqab
12
vulnerability VCID-dd77-bpcr-zfam
13
vulnerability VCID-fkct-tzwg-mkh8
14
vulnerability VCID-gxpn-pz3c-gugf
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-q6zd-khan-9yhj
17
vulnerability VCID-q7ye-13eq-vuhy
18
vulnerability VCID-qx3m-tcqj-ukc2
19
vulnerability VCID-r92s-4m4x-dqc7
20
vulnerability VCID-r94a-3fq2-efdg
21
vulnerability VCID-rfqz-nf3z-v3a3
22
vulnerability VCID-rsg7-5tup-4bd1
23
vulnerability VCID-s61k-e43h-13b5
24
vulnerability VCID-skd6-gqh8-sbba
25
vulnerability VCID-ujnp-2f3v-s3h3
26
vulnerability VCID-uzry-ts4t-fbc8
27
vulnerability VCID-vnh3-bvyq-13d6
28
vulnerability VCID-w1c4-c4xs-yba4
29
vulnerability VCID-w5gg-jtut-qkcc
30
vulnerability VCID-xqz3-k7ts-juck
31
vulnerability VCID-y3uj-myy6-kbha
32
vulnerability VCID-z9uf-p9w2-57fj
33
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
aliases CVE-2019-17267, GHSA-f3j5-rmmp-3fc5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-88hx-kauy-4fcy
4
url VCID-8ec9-5qt4-duat
vulnerability_id VCID-8ec9-5qt4-duat
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind allows unauthenticated remote code execution. This is exploitable via two different gadgets that bypass a denylist.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0478
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0478
1
reference_url https://access.redhat.com/errata/RHSA-2018:0479
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0479
2
reference_url https://access.redhat.com/errata/RHSA-2018:0480
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0480
3
reference_url https://access.redhat.com/errata/RHSA-2018:0481
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0481
4
reference_url https://access.redhat.com/errata/RHSA-2018:1525
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1525
5
reference_url https://access.redhat.com/errata/RHSA-2019:2858
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2858
6
reference_url https://access.redhat.com/errata/RHSA-2019:3149
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3149
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5968.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5968.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-5968
reference_id
reference_type
scores
0
value 0.01965
scoring_system epss
scoring_elements 0.83871
published_at 2026-06-05T12:55:00Z
1
value 0.01965
scoring_system epss
scoring_elements 0.83848
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-5968
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
13
reference_url https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d0
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d0
14
reference_url https://github.com/FasterXML/jackson-databind/commit/03ea0bec6293d4330b5ad19d1d62aca0e3cb6381
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/03ea0bec6293d4330b5ad19d1d62aca0e3cb6381
15
reference_url https://github.com/FasterXML/jackson-databind/commit/454be8bb8c913be18298327a84ca45a280b61605
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/454be8bb8c913be18298327a84ca45a280b61605
16
reference_url https://github.com/FasterXML/jackson-databind/issues/1899
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/1899
17
reference_url https://github.com/GulajavaMinistudio/jackson-databind/pull/92/commits/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/GulajavaMinistudio/jackson-databind/pull/92/commits/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
18
reference_url https://security.netapp.com/advisory/ntap-20180423-0002
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180423-0002
19
reference_url https://security.netapp.com/advisory/ntap-20180423-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180423-0002/
20
reference_url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
21
reference_url https://www.debian.org/security/2018/dsa-4114
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4114
22
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1538332
reference_id 1538332
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1538332
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888316
reference_id 888316
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888316
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-5968
reference_id CVE-2018-5968
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-5968
26
reference_url https://github.com/advisories/GHSA-w3f4-3q6j-rh82
reference_id GHSA-w3f4-3q6j-rh82
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w3f4-3q6j-rh82
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8fr2-v728-cfcc
6
vulnerability VCID-8htk-33f4-4ufg
7
vulnerability VCID-8kwc-sxvr-skgp
8
vulnerability VCID-auzw-j1fc-jff8
9
vulnerability VCID-cnns-pjex-4ybt
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-nz1v-4hgs-6yge
12
vulnerability VCID-p52x-ese3-qkha
13
vulnerability VCID-qx3m-tcqj-ukc2
14
vulnerability VCID-r92s-4m4x-dqc7
15
vulnerability VCID-r94a-3fq2-efdg
16
vulnerability VCID-rfqz-nf3z-v3a3
17
vulnerability VCID-s61k-e43h-13b5
18
vulnerability VCID-skd6-gqh8-sbba
19
vulnerability VCID-t4kd-zjrn-kueu
20
vulnerability VCID-t79w-jeyp-suaw
21
vulnerability VCID-u37s-5nn4-wqbx
22
vulnerability VCID-uzry-ts4t-fbc8
23
vulnerability VCID-vnh3-bvyq-13d6
24
vulnerability VCID-vqke-p81x-sffn
25
vulnerability VCID-w1c4-c4xs-yba4
26
vulnerability VCID-w7nq-y9sx-nfcc
27
vulnerability VCID-wqg8-5kwe-vuem
28
vulnerability VCID-xqz3-k7ts-juck
29
vulnerability VCID-zbfc-s76k-gfgv
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-2uzw-pn14-p7a1
3
vulnerability VCID-39mg-y1k8-xbf9
4
vulnerability VCID-5887-pcyq-nkht
5
vulnerability VCID-7svn-u8ub-4faw
6
vulnerability VCID-88hx-kauy-4fcy
7
vulnerability VCID-8fr2-v728-cfcc
8
vulnerability VCID-8htk-33f4-4ufg
9
vulnerability VCID-8kwc-sxvr-skgp
10
vulnerability VCID-8mns-fyju-dqdr
11
vulnerability VCID-auzw-j1fc-jff8
12
vulnerability VCID-cnns-pjex-4ybt
13
vulnerability VCID-d6ez-jva8-hyag
14
vulnerability VCID-fkct-tzwg-mkh8
15
vulnerability VCID-j1pk-ygx5-5bfd
16
vulnerability VCID-kdkp-1ucy-w3g1
17
vulnerability VCID-m3y5-xa6w-83b6
18
vulnerability VCID-nz1v-4hgs-6yge
19
vulnerability VCID-p52x-ese3-qkha
20
vulnerability VCID-qx3m-tcqj-ukc2
21
vulnerability VCID-r92s-4m4x-dqc7
22
vulnerability VCID-r94a-3fq2-efdg
23
vulnerability VCID-rfqz-nf3z-v3a3
24
vulnerability VCID-s61k-e43h-13b5
25
vulnerability VCID-skd6-gqh8-sbba
26
vulnerability VCID-t4kd-zjrn-kueu
27
vulnerability VCID-t79w-jeyp-suaw
28
vulnerability VCID-u37s-5nn4-wqbx
29
vulnerability VCID-uzry-ts4t-fbc8
30
vulnerability VCID-vnh3-bvyq-13d6
31
vulnerability VCID-vqke-p81x-sffn
32
vulnerability VCID-w1c4-c4xs-yba4
33
vulnerability VCID-w7nq-y9sx-nfcc
34
vulnerability VCID-wqg8-5kwe-vuem
35
vulnerability VCID-xqz3-k7ts-juck
36
vulnerability VCID-zbfc-s76k-gfgv
37
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-1z31-s1cu-bbh4
3
vulnerability VCID-2uzw-pn14-p7a1
4
vulnerability VCID-314g-t8xy-5khg
5
vulnerability VCID-39mg-y1k8-xbf9
6
vulnerability VCID-5887-pcyq-nkht
7
vulnerability VCID-7svn-u8ub-4faw
8
vulnerability VCID-88hx-kauy-4fcy
9
vulnerability VCID-89dx-2s8k-mufw
10
vulnerability VCID-8fr2-v728-cfcc
11
vulnerability VCID-8htk-33f4-4ufg
12
vulnerability VCID-8kwc-sxvr-skgp
13
vulnerability VCID-8mns-fyju-dqdr
14
vulnerability VCID-auzw-j1fc-jff8
15
vulnerability VCID-c1uz-emh5-9fhe
16
vulnerability VCID-cnns-pjex-4ybt
17
vulnerability VCID-crra-28kn-mqab
18
vulnerability VCID-d6ez-jva8-hyag
19
vulnerability VCID-dd77-bpcr-zfam
20
vulnerability VCID-ez2q-xgz1-rkab
21
vulnerability VCID-fkct-tzwg-mkh8
22
vulnerability VCID-gxpn-pz3c-gugf
23
vulnerability VCID-kdkp-1ucy-w3g1
24
vulnerability VCID-m3y5-xa6w-83b6
25
vulnerability VCID-nz1v-4hgs-6yge
26
vulnerability VCID-p52x-ese3-qkha
27
vulnerability VCID-q6zd-khan-9yhj
28
vulnerability VCID-q7ye-13eq-vuhy
29
vulnerability VCID-qx3m-tcqj-ukc2
30
vulnerability VCID-r92s-4m4x-dqc7
31
vulnerability VCID-r94a-3fq2-efdg
32
vulnerability VCID-rfqz-nf3z-v3a3
33
vulnerability VCID-rsg7-5tup-4bd1
34
vulnerability VCID-s61k-e43h-13b5
35
vulnerability VCID-skd6-gqh8-sbba
36
vulnerability VCID-t4kd-zjrn-kueu
37
vulnerability VCID-t79w-jeyp-suaw
38
vulnerability VCID-u37s-5nn4-wqbx
39
vulnerability VCID-ujnp-2f3v-s3h3
40
vulnerability VCID-uzry-ts4t-fbc8
41
vulnerability VCID-vnh3-bvyq-13d6
42
vulnerability VCID-vqke-p81x-sffn
43
vulnerability VCID-w1c4-c4xs-yba4
44
vulnerability VCID-w5gg-jtut-qkcc
45
vulnerability VCID-w7nq-y9sx-nfcc
46
vulnerability VCID-wqg8-5kwe-vuem
47
vulnerability VCID-xqz3-k7ts-juck
48
vulnerability VCID-y3uj-myy6-kbha
49
vulnerability VCID-z9uf-p9w2-57fj
50
vulnerability VCID-zbfc-s76k-gfgv
51
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4
aliases CVE-2018-5968, GHSA-w3f4-3q6j-rh82
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ec9-5qt4-duat
5
url VCID-8fr2-v728-cfcc
vulnerability_id VCID-8fr2-v728-cfcc
summary 
Uncontrolled Resource Consumption
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36518
reference_id
reference_type
scores
0
value 0.00487
scoring_system epss
scoring_elements 0.6583
published_at 2026-06-05T12:55:00Z
1
value 0.00487
scoring_system epss
scoring_elements 0.65776
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36518
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
7
reference_url https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de
8
reference_url https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b
9
reference_url https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd
10
reference_url https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126
11
reference_url https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b
12
reference_url https://github.com/FasterXML/jackson-databind/issues/2816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://github.com/FasterXML/jackson-databind/issues/2816
13
reference_url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12
14
reference_url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13
15
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html
16
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
17
reference_url https://security.netapp.com/advisory/ntap-20220506-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220506-0004
18
reference_url https://www.debian.org/security/2022/dsa-5283
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://www.debian.org/security/2022/dsa-5283
19
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
20
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109
reference_id 1007109
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2064698
reference_id 2064698
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2064698
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36518
reference_id CVE-2020-36518
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36518
24
reference_url https://github.com/advisories/GHSA-57j2-w4cx-62h2
reference_id GHSA-57j2-w4cx-62h2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-57j2-w4cx-62h2
25
reference_url https://security.netapp.com/advisory/ntap-20220506-0004/
reference_id ntap-20220506-0004
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://security.netapp.com/advisory/ntap-20220506-0004/
26
reference_url https://access.redhat.com/errata/RHSA-2022:2232
reference_id RHSA-2022:2232
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2232
27
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
28
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
29
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
30
reference_url https://access.redhat.com/errata/RHSA-2022:5029
reference_id RHSA-2022:5029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5029
31
reference_url https://access.redhat.com/errata/RHSA-2022:5101
reference_id RHSA-2022:5101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5101
32
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
33
reference_url https://access.redhat.com/errata/RHSA-2022:5596
reference_id RHSA-2022:5596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5596
34
reference_url https://access.redhat.com/errata/RHSA-2022:6407
reference_id RHSA-2022:6407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6407
35
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
36
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
37
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
38
reference_url https://access.redhat.com/errata/RHSA-2022:6819
reference_id RHSA-2022:6819
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6819
39
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
40
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
41
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
42
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
43
reference_url https://access.redhat.com/errata/RHSA-2022:7435
reference_id RHSA-2022:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7435
44
reference_url https://access.redhat.com/errata/RHSA-2022:8781
reference_id RHSA-2022:8781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8781
45
reference_url https://access.redhat.com/errata/RHSA-2022:8889
reference_id RHSA-2022:8889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8889
46
reference_url https://access.redhat.com/errata/RHSA-2023:0264
reference_id RHSA-2023:0264
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0264
47
reference_url https://access.redhat.com/errata/RHSA-2023:2312
reference_id RHSA-2023:2312
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2312
48
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
49
reference_url https://access.redhat.com/errata/RHSA-2024:3061
reference_id RHSA-2024:3061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3061
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r94a-3fq2-efdg
1
vulnerability VCID-w1c4-c4xs-yba4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r94a-3fq2-efdg
1
vulnerability VCID-w1c4-c4xs-yba4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1
aliases CVE-2020-36518, GHSA-57j2-w4cx-62h2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fr2-v728-cfcc
6
url VCID-8htk-33f4-4ufg
vulnerability_id VCID-8htk-33f4-4ufg
summary 
Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of `com.p6spy.engine.spy.P6DataSource` mishandling.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0159
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0159
1
reference_url https://access.redhat.com/errata/RHSA-2020:0160
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0160
2
reference_url https://access.redhat.com/errata/RHSA-2020:0161
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0161
3
reference_url https://access.redhat.com/errata/RHSA-2020:0164
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0164
4
reference_url https://access.redhat.com/errata/RHSA-2020:0445
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0445
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16943.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16943.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16943
reference_id
reference_type
scores
0
value 0.01891
scoring_system epss
scoring_elements 0.83557
published_at 2026-06-05T12:55:00Z
1
value 0.01891
scoring_system epss
scoring_elements 0.83533
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16943
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
13
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
14
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
15
reference_url https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b
16
reference_url https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f
17
reference_url https://github.com/FasterXML/jackson-databind/issues/2478
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2478
18
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
26
reference_url https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
31
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
32
reference_url https://seclists.org/bugtraq/2019/Oct/6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Oct/6
33
reference_url https://security.netapp.com/advisory/ntap-20191017-0006
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191017-0006
34
reference_url https://security.netapp.com/advisory/ntap-20191017-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191017-0006/
35
reference_url https://www.debian.org/security/2019/dsa-4542
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4542
36
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
37
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
38
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
39
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
40
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
41
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1758191
reference_id 1758191
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1758191
42
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530
reference_id 941530
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530
43
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16943
reference_id CVE-2019-16943
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16943
44
reference_url https://github.com/advisories/GHSA-fmmc-742q-jg75
reference_id GHSA-fmmc-742q-jg75
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fmmc-742q-jg75
45
reference_url https://access.redhat.com/errata/RHSA-2020:0895
reference_id RHSA-2020:0895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0895
46
reference_url https://access.redhat.com/errata/RHSA-2020:0899
reference_id RHSA-2020:0899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0899
47
reference_url https://access.redhat.com/errata/RHSA-2020:0939
reference_id RHSA-2020:0939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0939
48
reference_url https://access.redhat.com/errata/RHSA-2020:1644
reference_id RHSA-2020:1644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1644
49
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
50
reference_url https://access.redhat.com/errata/RHSA-2020:2321
reference_id RHSA-2020:2321
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2321
51
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
52
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
53
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8ec9-5qt4-duat
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-cnns-pjex-4ybt
11
vulnerability VCID-ez2q-xgz1-rkab
12
vulnerability VCID-fkct-tzwg-mkh8
13
vulnerability VCID-kdkp-1ucy-w3g1
14
vulnerability VCID-m3y5-xa6w-83b6
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-qx3m-tcqj-ukc2
17
vulnerability VCID-r92s-4m4x-dqc7
18
vulnerability VCID-r94a-3fq2-efdg
19
vulnerability VCID-rfqz-nf3z-v3a3
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-tfky-edec-13gw
23
vulnerability VCID-ujnp-2f3v-s3h3
24
vulnerability VCID-uzry-ts4t-fbc8
25
vulnerability VCID-vnh3-bvyq-13d6
26
vulnerability VCID-vqke-p81x-sffn
27
vulnerability VCID-w1c4-c4xs-yba4
28
vulnerability VCID-w7nq-y9sx-nfcc
29
vulnerability VCID-xqz3-k7ts-juck
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-88hx-kauy-4fcy
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-nz1v-4hgs-6yge
11
vulnerability VCID-qx3m-tcqj-ukc2
12
vulnerability VCID-r92s-4m4x-dqc7
13
vulnerability VCID-r94a-3fq2-efdg
14
vulnerability VCID-rfqz-nf3z-v3a3
15
vulnerability VCID-s61k-e43h-13b5
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-t79w-jeyp-suaw
18
vulnerability VCID-u37s-5nn4-wqbx
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-wqg8-5kwe-vuem
24
vulnerability VCID-xqz3-k7ts-juck
25
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z31-s1cu-bbh4
1
vulnerability VCID-314g-t8xy-5khg
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-89dx-2s8k-mufw
5
vulnerability VCID-8fr2-v728-cfcc
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-c1uz-emh5-9fhe
8
vulnerability VCID-crra-28kn-mqab
9
vulnerability VCID-dd77-bpcr-zfam
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-gxpn-pz3c-gugf
12
vulnerability VCID-nz1v-4hgs-6yge
13
vulnerability VCID-q6zd-khan-9yhj
14
vulnerability VCID-q7ye-13eq-vuhy
15
vulnerability VCID-qx3m-tcqj-ukc2
16
vulnerability VCID-r92s-4m4x-dqc7
17
vulnerability VCID-r94a-3fq2-efdg
18
vulnerability VCID-rfqz-nf3z-v3a3
19
vulnerability VCID-rsg7-5tup-4bd1
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-ujnp-2f3v-s3h3
23
vulnerability VCID-uzry-ts4t-fbc8
24
vulnerability VCID-vnh3-bvyq-13d6
25
vulnerability VCID-w1c4-c4xs-yba4
26
vulnerability VCID-w5gg-jtut-qkcc
27
vulnerability VCID-xqz3-k7ts-juck
28
vulnerability VCID-y3uj-myy6-kbha
29
vulnerability VCID-z9uf-p9w2-57fj
30
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1
aliases CVE-2019-16943, GHSA-fmmc-742q-jg75
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8htk-33f4-4ufg
7
url VCID-8kwc-sxvr-skgp
vulnerability_id VCID-8kwc-sxvr-skgp
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36186
reference_id
reference_type
scores
0
value 0.02623
scoring_system epss
scoring_elements 0.85972
published_at 2026-06-05T12:55:00Z
1
value 0.02623
scoring_system epss
scoring_elements 0.8595
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36186
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2997
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2997
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
10
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
12
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913931
reference_id 1913931
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913931
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36186
reference_id CVE-2020-36186
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36186
17
reference_url https://github.com/advisories/GHSA-v585-23hc-c647
reference_id GHSA-v585-23hc-c647
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v585-23hc-c647
18
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
19
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fr2-v728-cfcc
1
vulnerability VCID-r94a-3fq2-efdg
2
vulnerability VCID-w1c4-c4xs-yba4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36186, GHSA-v585-23hc-c647
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kwc-sxvr-skgp
8
url VCID-auzw-j1fc-jff8
vulnerability_id VCID-auzw-j1fc-jff8
summary 
Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the `apache-log4j-extra` in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0159
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0159
1
reference_url https://access.redhat.com/errata/RHSA-2020:0160
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0160
2
reference_url https://access.redhat.com/errata/RHSA-2020:0161
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0161
3
reference_url https://access.redhat.com/errata/RHSA-2020:0164
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0164
4
reference_url https://access.redhat.com/errata/RHSA-2020:0445
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0445
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17531.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17531.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17531
reference_id
reference_type
scores
0
value 0.01223
scoring_system epss
scoring_elements 0.79444
published_at 2026-06-04T12:55:00Z
1
value 0.01223
scoring_system epss
scoring_elements 0.79472
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17531
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531
8
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
9
reference_url https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0
10
reference_url https://github.com/FasterXML/jackson-databind/issues/2498
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2498
11
reference_url https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
15
reference_url https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html
16
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
17
reference_url https://security.netapp.com/advisory/ntap-20191024-0005
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191024-0005
18
reference_url https://security.netapp.com/advisory/ntap-20191024-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191024-0005/
19
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
20
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
21
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
22
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
23
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1775293
reference_id 1775293
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1775293
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-17531
reference_id CVE-2019-17531
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-17531
26
reference_url https://github.com/advisories/GHSA-gjmw-vf9h-g25v
reference_id GHSA-gjmw-vf9h-g25v
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjmw-vf9h-g25v
27
reference_url https://access.redhat.com/errata/RHSA-2019:4192
reference_id RHSA-2019:4192
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4192
28
reference_url https://access.redhat.com/errata/RHSA-2020:0895
reference_id RHSA-2020:0895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0895
29
reference_url https://access.redhat.com/errata/RHSA-2020:0899
reference_id RHSA-2020:0899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0899
30
reference_url https://access.redhat.com/errata/RHSA-2020:0939
reference_id RHSA-2020:0939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0939
31
reference_url https://access.redhat.com/errata/RHSA-2020:1644
reference_id RHSA-2020:1644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1644
32
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
33
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
34
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
35
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
36
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8ec9-5qt4-duat
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-cnns-pjex-4ybt
11
vulnerability VCID-ez2q-xgz1-rkab
12
vulnerability VCID-fkct-tzwg-mkh8
13
vulnerability VCID-kdkp-1ucy-w3g1
14
vulnerability VCID-m3y5-xa6w-83b6
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-qx3m-tcqj-ukc2
17
vulnerability VCID-r92s-4m4x-dqc7
18
vulnerability VCID-r94a-3fq2-efdg
19
vulnerability VCID-rfqz-nf3z-v3a3
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-tfky-edec-13gw
23
vulnerability VCID-ujnp-2f3v-s3h3
24
vulnerability VCID-uzry-ts4t-fbc8
25
vulnerability VCID-vnh3-bvyq-13d6
26
vulnerability VCID-vqke-p81x-sffn
27
vulnerability VCID-w1c4-c4xs-yba4
28
vulnerability VCID-w7nq-y9sx-nfcc
29
vulnerability VCID-xqz3-k7ts-juck
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-88hx-kauy-4fcy
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-nz1v-4hgs-6yge
11
vulnerability VCID-qx3m-tcqj-ukc2
12
vulnerability VCID-r92s-4m4x-dqc7
13
vulnerability VCID-r94a-3fq2-efdg
14
vulnerability VCID-rfqz-nf3z-v3a3
15
vulnerability VCID-s61k-e43h-13b5
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-t79w-jeyp-suaw
18
vulnerability VCID-u37s-5nn4-wqbx
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-wqg8-5kwe-vuem
24
vulnerability VCID-xqz3-k7ts-juck
25
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z31-s1cu-bbh4
1
vulnerability VCID-314g-t8xy-5khg
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-89dx-2s8k-mufw
5
vulnerability VCID-8fr2-v728-cfcc
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-c1uz-emh5-9fhe
8
vulnerability VCID-crra-28kn-mqab
9
vulnerability VCID-dd77-bpcr-zfam
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-gxpn-pz3c-gugf
12
vulnerability VCID-nz1v-4hgs-6yge
13
vulnerability VCID-q6zd-khan-9yhj
14
vulnerability VCID-q7ye-13eq-vuhy
15
vulnerability VCID-qx3m-tcqj-ukc2
16
vulnerability VCID-r92s-4m4x-dqc7
17
vulnerability VCID-r94a-3fq2-efdg
18
vulnerability VCID-rfqz-nf3z-v3a3
19
vulnerability VCID-rsg7-5tup-4bd1
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-ujnp-2f3v-s3h3
23
vulnerability VCID-uzry-ts4t-fbc8
24
vulnerability VCID-vnh3-bvyq-13d6
25
vulnerability VCID-w1c4-c4xs-yba4
26
vulnerability VCID-w5gg-jtut-qkcc
27
vulnerability VCID-xqz3-k7ts-juck
28
vulnerability VCID-y3uj-myy6-kbha
29
vulnerability VCID-z9uf-p9w2-57fj
30
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1
aliases CVE-2019-17531, GHSA-gjmw-vf9h-g25v
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-auzw-j1fc-jff8
9
url VCID-cnns-pjex-4ybt
vulnerability_id VCID-cnns-pjex-4ybt
summary 
Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind. It is related to `com.zaxxer.hikari.HikariConfig`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3200
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3200
1
reference_url https://access.redhat.com/errata/RHSA-2020:0159
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0159
2
reference_url https://access.redhat.com/errata/RHSA-2020:0160
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0160
3
reference_url https://access.redhat.com/errata/RHSA-2020:0161
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0161
4
reference_url https://access.redhat.com/errata/RHSA-2020:0164
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0164
5
reference_url https://access.redhat.com/errata/RHSA-2020:0445
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0445
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14540.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14540.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14540
reference_id
reference_type
scores
0
value 0.06454
scoring_system epss
scoring_elements 0.91247
published_at 2026-06-05T12:55:00Z
1
value 0.06454
scoring_system epss
scoring_elements 0.91234
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14540
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
14
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
15
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
16
reference_url https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x
17
reference_url https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db
18
reference_url https://github.com/FasterXML/jackson-databind/commit/d4983c740fec7d5576b207a8c30a63d3ea7443de
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/d4983c740fec7d5576b207a8c30a63d3ea7443de
19
reference_url https://github.com/FasterXML/jackson-databind/issues/2410
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2410
20
reference_url https://github.com/FasterXML/jackson-databind/issues/2449
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2449
21
reference_url https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540@%3Ccommits.nifi.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
36
reference_url https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT
39
reference_url https://seclists.org/bugtraq/2019/Oct/6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Oct/6
40
reference_url https://security.netapp.com/advisory/ntap-20191004-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191004-0002
41
reference_url https://www.debian.org/security/2019/dsa-4542
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4542
42
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
43
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
44
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
45
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
46
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
47
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1755849
reference_id 1755849
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1755849
48
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498
reference_id 940498
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498
49
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14540
reference_id CVE-2019-14540
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14540
50
reference_url https://github.com/advisories/GHSA-h822-r4r5-v8jg
reference_id GHSA-h822-r4r5-v8jg
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h822-r4r5-v8jg
51
reference_url https://access.redhat.com/errata/RHSA-2020:0895
reference_id RHSA-2020:0895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0895
52
reference_url https://access.redhat.com/errata/RHSA-2020:0899
reference_id RHSA-2020:0899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0899
53
reference_url https://access.redhat.com/errata/RHSA-2020:1644
reference_id RHSA-2020:1644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1644
54
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
55
reference_url https://access.redhat.com/errata/RHSA-2020:2321
reference_id RHSA-2020:2321
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2321
56
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
57
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
58
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8ec9-5qt4-duat
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-cnns-pjex-4ybt
11
vulnerability VCID-ez2q-xgz1-rkab
12
vulnerability VCID-fkct-tzwg-mkh8
13
vulnerability VCID-kdkp-1ucy-w3g1
14
vulnerability VCID-m3y5-xa6w-83b6
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-qx3m-tcqj-ukc2
17
vulnerability VCID-r92s-4m4x-dqc7
18
vulnerability VCID-r94a-3fq2-efdg
19
vulnerability VCID-rfqz-nf3z-v3a3
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-tfky-edec-13gw
23
vulnerability VCID-ujnp-2f3v-s3h3
24
vulnerability VCID-uzry-ts4t-fbc8
25
vulnerability VCID-vnh3-bvyq-13d6
26
vulnerability VCID-vqke-p81x-sffn
27
vulnerability VCID-w1c4-c4xs-yba4
28
vulnerability VCID-w7nq-y9sx-nfcc
29
vulnerability VCID-xqz3-k7ts-juck
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-88hx-kauy-4fcy
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-nz1v-4hgs-6yge
11
vulnerability VCID-qx3m-tcqj-ukc2
12
vulnerability VCID-r92s-4m4x-dqc7
13
vulnerability VCID-r94a-3fq2-efdg
14
vulnerability VCID-rfqz-nf3z-v3a3
15
vulnerability VCID-s61k-e43h-13b5
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-t79w-jeyp-suaw
18
vulnerability VCID-u37s-5nn4-wqbx
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-wqg8-5kwe-vuem
24
vulnerability VCID-xqz3-k7ts-juck
25
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-314g-t8xy-5khg
3
vulnerability VCID-5887-pcyq-nkht
4
vulnerability VCID-7svn-u8ub-4faw
5
vulnerability VCID-89dx-2s8k-mufw
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-c1uz-emh5-9fhe
11
vulnerability VCID-crra-28kn-mqab
12
vulnerability VCID-dd77-bpcr-zfam
13
vulnerability VCID-fkct-tzwg-mkh8
14
vulnerability VCID-gxpn-pz3c-gugf
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-q6zd-khan-9yhj
17
vulnerability VCID-q7ye-13eq-vuhy
18
vulnerability VCID-qx3m-tcqj-ukc2
19
vulnerability VCID-r92s-4m4x-dqc7
20
vulnerability VCID-r94a-3fq2-efdg
21
vulnerability VCID-rfqz-nf3z-v3a3
22
vulnerability VCID-rsg7-5tup-4bd1
23
vulnerability VCID-s61k-e43h-13b5
24
vulnerability VCID-skd6-gqh8-sbba
25
vulnerability VCID-ujnp-2f3v-s3h3
26
vulnerability VCID-uzry-ts4t-fbc8
27
vulnerability VCID-vnh3-bvyq-13d6
28
vulnerability VCID-w1c4-c4xs-yba4
29
vulnerability VCID-w5gg-jtut-qkcc
30
vulnerability VCID-xqz3-k7ts-juck
31
vulnerability VCID-y3uj-myy6-kbha
32
vulnerability VCID-z9uf-p9w2-57fj
33
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
aliases CVE-2019-14540, GHSA-h822-r4r5-v8jg
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cnns-pjex-4ybt
10
url VCID-d6ez-jva8-hyag
vulnerability_id VCID-d6ez-jva8-hyag
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `jboss-common-core` class from polymorphic deserialization.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0959
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0959
1
reference_url https://access.redhat.com/errata/RHSA-2019:0782
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0782
2
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
3
reference_url https://access.redhat.com/errata/RHSA-2019:1782
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1782
4
reference_url https://access.redhat.com/errata/RHSA-2019:1797
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1797
5
reference_url https://access.redhat.com/errata/RHSA-2019:1822
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1822
6
reference_url https://access.redhat.com/errata/RHSA-2019:1823
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1823
7
reference_url https://access.redhat.com/errata/RHSA-2019:2804
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2804
8
reference_url https://access.redhat.com/errata/RHSA-2019:2858
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2858
9
reference_url https://access.redhat.com/errata/RHSA-2019:3002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3002
10
reference_url https://access.redhat.com/errata/RHSA-2019:3140
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3140
11
reference_url https://access.redhat.com/errata/RHSA-2019:3149
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3149
12
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
13
reference_url https://access.redhat.com/errata/RHSA-2019:4037
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4037
14
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19362.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19362.json
15
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19362
reference_id
reference_type
scores
0
value 0.04233
scoring_system epss
scoring_elements 0.88961
published_at 2026-06-04T12:55:00Z
1
value 0.04233
scoring_system epss
scoring_elements 0.88978
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19362
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
25
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
26
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
27
reference_url https://github.com/advisories/GHSA-c8hm-7hpq-7jhg
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c8hm-7hpq-7jhg
28
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
29
reference_url https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
30
reference_url https://github.com/FasterXML/jackson-databind/commit/72cd4025a229fb28ec133235003dd4616f70afaa
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/72cd4025a229fb28ec133235003dd4616f70afaa
31
reference_url https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2186
32
reference_url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8
33
reference_url https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/TINKERPOP-2121
34
reference_url https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
43
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
44
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html
45
reference_url https://seclists.org/bugtraq/2019/May/68
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/68
46
reference_url https://security.netapp.com/advisory/ntap-20190530-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190530-0003
47
reference_url https://www.debian.org/security/2019/dsa-4452
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4452
48
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
49
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
50
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
51
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
52
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
53
reference_url http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/107985
54
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1666489
reference_id 1666489
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1666489
55
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19362
reference_id CVE-2018-19362
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-19362
56
reference_url https://access.redhat.com/errata/RHSA-2020:2564
reference_id RHSA-2020:2564
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2564
57
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
58
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
59
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8ec9-5qt4-duat
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-cnns-pjex-4ybt
11
vulnerability VCID-ez2q-xgz1-rkab
12
vulnerability VCID-fkct-tzwg-mkh8
13
vulnerability VCID-kdkp-1ucy-w3g1
14
vulnerability VCID-m3y5-xa6w-83b6
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-qx3m-tcqj-ukc2
17
vulnerability VCID-r92s-4m4x-dqc7
18
vulnerability VCID-r94a-3fq2-efdg
19
vulnerability VCID-rfqz-nf3z-v3a3
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-tfky-edec-13gw
23
vulnerability VCID-ujnp-2f3v-s3h3
24
vulnerability VCID-uzry-ts4t-fbc8
25
vulnerability VCID-vnh3-bvyq-13d6
26
vulnerability VCID-vqke-p81x-sffn
27
vulnerability VCID-w1c4-c4xs-yba4
28
vulnerability VCID-w7nq-y9sx-nfcc
29
vulnerability VCID-xqz3-k7ts-juck
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8fr2-v728-cfcc
6
vulnerability VCID-8htk-33f4-4ufg
7
vulnerability VCID-8kwc-sxvr-skgp
8
vulnerability VCID-auzw-j1fc-jff8
9
vulnerability VCID-cnns-pjex-4ybt
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-nz1v-4hgs-6yge
12
vulnerability VCID-p52x-ese3-qkha
13
vulnerability VCID-qx3m-tcqj-ukc2
14
vulnerability VCID-r92s-4m4x-dqc7
15
vulnerability VCID-r94a-3fq2-efdg
16
vulnerability VCID-rfqz-nf3z-v3a3
17
vulnerability VCID-s61k-e43h-13b5
18
vulnerability VCID-skd6-gqh8-sbba
19
vulnerability VCID-t4kd-zjrn-kueu
20
vulnerability VCID-t79w-jeyp-suaw
21
vulnerability VCID-u37s-5nn4-wqbx
22
vulnerability VCID-uzry-ts4t-fbc8
23
vulnerability VCID-vnh3-bvyq-13d6
24
vulnerability VCID-vqke-p81x-sffn
25
vulnerability VCID-w1c4-c4xs-yba4
26
vulnerability VCID-w7nq-y9sx-nfcc
27
vulnerability VCID-wqg8-5kwe-vuem
28
vulnerability VCID-xqz3-k7ts-juck
29
vulnerability VCID-zbfc-s76k-gfgv
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8fr2-v728-cfcc
6
vulnerability VCID-8htk-33f4-4ufg
7
vulnerability VCID-8kwc-sxvr-skgp
8
vulnerability VCID-auzw-j1fc-jff8
9
vulnerability VCID-cnns-pjex-4ybt
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-nz1v-4hgs-6yge
12
vulnerability VCID-p52x-ese3-qkha
13
vulnerability VCID-qx3m-tcqj-ukc2
14
vulnerability VCID-r92s-4m4x-dqc7
15
vulnerability VCID-r94a-3fq2-efdg
16
vulnerability VCID-rfqz-nf3z-v3a3
17
vulnerability VCID-s61k-e43h-13b5
18
vulnerability VCID-skd6-gqh8-sbba
19
vulnerability VCID-t4kd-zjrn-kueu
20
vulnerability VCID-t79w-jeyp-suaw
21
vulnerability VCID-u37s-5nn4-wqbx
22
vulnerability VCID-uzry-ts4t-fbc8
23
vulnerability VCID-vnh3-bvyq-13d6
24
vulnerability VCID-vqke-p81x-sffn
25
vulnerability VCID-w1c4-c4xs-yba4
26
vulnerability VCID-w7nq-y9sx-nfcc
27
vulnerability VCID-wqg8-5kwe-vuem
28
vulnerability VCID-xqz3-k7ts-juck
29
vulnerability VCID-zbfc-s76k-gfgv
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
3
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-314g-t8xy-5khg
3
vulnerability VCID-5887-pcyq-nkht
4
vulnerability VCID-7svn-u8ub-4faw
5
vulnerability VCID-88hx-kauy-4fcy
6
vulnerability VCID-89dx-2s8k-mufw
7
vulnerability VCID-8fr2-v728-cfcc
8
vulnerability VCID-8htk-33f4-4ufg
9
vulnerability VCID-8kwc-sxvr-skgp
10
vulnerability VCID-auzw-j1fc-jff8
11
vulnerability VCID-c1uz-emh5-9fhe
12
vulnerability VCID-cnns-pjex-4ybt
13
vulnerability VCID-crra-28kn-mqab
14
vulnerability VCID-dd77-bpcr-zfam
15
vulnerability VCID-fkct-tzwg-mkh8
16
vulnerability VCID-gxpn-pz3c-gugf
17
vulnerability VCID-nz1v-4hgs-6yge
18
vulnerability VCID-p52x-ese3-qkha
19
vulnerability VCID-q6zd-khan-9yhj
20
vulnerability VCID-q7ye-13eq-vuhy
21
vulnerability VCID-qx3m-tcqj-ukc2
22
vulnerability VCID-r92s-4m4x-dqc7
23
vulnerability VCID-r94a-3fq2-efdg
24
vulnerability VCID-rfqz-nf3z-v3a3
25
vulnerability VCID-rsg7-5tup-4bd1
26
vulnerability VCID-s61k-e43h-13b5
27
vulnerability VCID-skd6-gqh8-sbba
28
vulnerability VCID-t4kd-zjrn-kueu
29
vulnerability VCID-ujnp-2f3v-s3h3
30
vulnerability VCID-uzry-ts4t-fbc8
31
vulnerability VCID-vnh3-bvyq-13d6
32
vulnerability VCID-vqke-p81x-sffn
33
vulnerability VCID-w1c4-c4xs-yba4
34
vulnerability VCID-w5gg-jtut-qkcc
35
vulnerability VCID-xqz3-k7ts-juck
36
vulnerability VCID-y3uj-myy6-kbha
37
vulnerability VCID-z9uf-p9w2-57fj
38
vulnerability VCID-zbfc-s76k-gfgv
39
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
aliases CVE-2018-19362, GHSA-c8hm-7hpq-7jhg
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6ez-jva8-hyag
11
url VCID-ez2q-xgz1-rkab
vulnerability_id VCID-ez2q-xgz1-rkab
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind allows unauthenticated remote code execution. This is exploitable by sending maliciously crafted JSON input to the `readValue` method of the `ObjectMapper`, bypassing a denylist that is ineffective if the `c3p0` libraries are available in the classpath.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1447
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1447
1
reference_url https://access.redhat.com/errata/RHSA-2018:1448
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1448
2
reference_url https://access.redhat.com/errata/RHSA-2018:1449
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1449
3
reference_url https://access.redhat.com/errata/RHSA-2018:1450
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1450
4
reference_url https://access.redhat.com/errata/RHSA-2018:1451
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1451
5
reference_url https://access.redhat.com/errata/RHSA-2018:1786
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1786
6
reference_url https://access.redhat.com/errata/RHSA-2018:2088
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2088
7
reference_url https://access.redhat.com/errata/RHSA-2018:2089
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2089
8
reference_url https://access.redhat.com/errata/RHSA-2018:2090
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2090
9
reference_url https://access.redhat.com/errata/RHSA-2018:2938
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2938
10
reference_url https://access.redhat.com/errata/RHSA-2018:2939
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2939
11
reference_url https://access.redhat.com/errata/RHSA-2019:2858
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2858
12
reference_url https://access.redhat.com/errata/RHSA-2019:3149
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3149
13
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7489.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7489.json
14
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-7489
reference_id
reference_type
scores
0
value 0.36207
scoring_system epss
scoring_elements 0.97195
published_at 2026-06-05T12:55:00Z
1
value 0.36207
scoring_system epss
scoring_elements 0.97191
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-7489
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489
16
reference_url https://github.com/advisories/GHSA-cggj-fvv3-cqwv
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-cggj-fvv3-cqwv
17
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
18
reference_url https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1
19
reference_url https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2
20
reference_url https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d
21
reference_url https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc
22
reference_url https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6
23
reference_url https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
24
reference_url https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d
25
reference_url https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
26
reference_url https://github.com/FasterXML/jackson-databind/issues/1931
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/1931
27
reference_url https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
28
reference_url https://security.netapp.com/advisory/ntap-20180328-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180328-0001
29
reference_url https://security.netapp.com/advisory/ntap-20180328-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180328-0001/
30
reference_url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
31
reference_url https://www.debian.org/security/2018/dsa-4190
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4190
32
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
33
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
34
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
35
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
36
reference_url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
37
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
38
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
39
reference_url http://www.securityfocus.com/bid/103203
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103203
40
reference_url http://www.securitytracker.com/id/1040693
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040693
41
reference_url http://www.securitytracker.com/id/1041890
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1041890
42
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1549276
reference_id 1549276
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1549276
43
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891614
reference_id 891614
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891614
44
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7489
reference_id CVE-2018-7489
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-7489
45
reference_url https://access.redhat.com/errata/RHSA-2020:2562
reference_id RHSA-2020:2562
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2562
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-5887-pcyq-nkht
2
vulnerability VCID-88hx-kauy-4fcy
3
vulnerability VCID-8ec9-5qt4-duat
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-ez2q-xgz1-rkab
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-kdkp-1ucy-w3g1
12
vulnerability VCID-m3y5-xa6w-83b6
13
vulnerability VCID-nz1v-4hgs-6yge
14
vulnerability VCID-qx3m-tcqj-ukc2
15
vulnerability VCID-r94a-3fq2-efdg
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-tfky-edec-13gw
18
vulnerability VCID-uzry-ts4t-fbc8
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-xqz3-k7ts-juck
24
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-2uzw-pn14-p7a1
3
vulnerability VCID-39mg-y1k8-xbf9
4
vulnerability VCID-5887-pcyq-nkht
5
vulnerability VCID-7svn-u8ub-4faw
6
vulnerability VCID-88hx-kauy-4fcy
7
vulnerability VCID-8ec9-5qt4-duat
8
vulnerability VCID-8fr2-v728-cfcc
9
vulnerability VCID-8htk-33f4-4ufg
10
vulnerability VCID-8kwc-sxvr-skgp
11
vulnerability VCID-8mns-fyju-dqdr
12
vulnerability VCID-auzw-j1fc-jff8
13
vulnerability VCID-cnns-pjex-4ybt
14
vulnerability VCID-d6ez-jva8-hyag
15
vulnerability VCID-fkct-tzwg-mkh8
16
vulnerability VCID-j1pk-ygx5-5bfd
17
vulnerability VCID-kdkp-1ucy-w3g1
18
vulnerability VCID-m3y5-xa6w-83b6
19
vulnerability VCID-nz1v-4hgs-6yge
20
vulnerability VCID-p52x-ese3-qkha
21
vulnerability VCID-qx3m-tcqj-ukc2
22
vulnerability VCID-r92s-4m4x-dqc7
23
vulnerability VCID-r94a-3fq2-efdg
24
vulnerability VCID-rfqz-nf3z-v3a3
25
vulnerability VCID-s61k-e43h-13b5
26
vulnerability VCID-skd6-gqh8-sbba
27
vulnerability VCID-t4kd-zjrn-kueu
28
vulnerability VCID-t79w-jeyp-suaw
29
vulnerability VCID-u37s-5nn4-wqbx
30
vulnerability VCID-uzry-ts4t-fbc8
31
vulnerability VCID-vnh3-bvyq-13d6
32
vulnerability VCID-vqke-p81x-sffn
33
vulnerability VCID-w1c4-c4xs-yba4
34
vulnerability VCID-w7nq-y9sx-nfcc
35
vulnerability VCID-wqg8-5kwe-vuem
36
vulnerability VCID-xqz3-k7ts-juck
37
vulnerability VCID-zbfc-s76k-gfgv
38
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.3
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-2uzw-pn14-p7a1
3
vulnerability VCID-39mg-y1k8-xbf9
4
vulnerability VCID-5887-pcyq-nkht
5
vulnerability VCID-7svn-u8ub-4faw
6
vulnerability VCID-88hx-kauy-4fcy
7
vulnerability VCID-8fr2-v728-cfcc
8
vulnerability VCID-8htk-33f4-4ufg
9
vulnerability VCID-8kwc-sxvr-skgp
10
vulnerability VCID-8mns-fyju-dqdr
11
vulnerability VCID-auzw-j1fc-jff8
12
vulnerability VCID-cnns-pjex-4ybt
13
vulnerability VCID-d6ez-jva8-hyag
14
vulnerability VCID-fkct-tzwg-mkh8
15
vulnerability VCID-j1pk-ygx5-5bfd
16
vulnerability VCID-kdkp-1ucy-w3g1
17
vulnerability VCID-m3y5-xa6w-83b6
18
vulnerability VCID-nz1v-4hgs-6yge
19
vulnerability VCID-p52x-ese3-qkha
20
vulnerability VCID-qx3m-tcqj-ukc2
21
vulnerability VCID-r92s-4m4x-dqc7
22
vulnerability VCID-r94a-3fq2-efdg
23
vulnerability VCID-rfqz-nf3z-v3a3
24
vulnerability VCID-s61k-e43h-13b5
25
vulnerability VCID-skd6-gqh8-sbba
26
vulnerability VCID-t4kd-zjrn-kueu
27
vulnerability VCID-t79w-jeyp-suaw
28
vulnerability VCID-u37s-5nn4-wqbx
29
vulnerability VCID-uzry-ts4t-fbc8
30
vulnerability VCID-vnh3-bvyq-13d6
31
vulnerability VCID-vqke-p81x-sffn
32
vulnerability VCID-w1c4-c4xs-yba4
33
vulnerability VCID-w7nq-y9sx-nfcc
34
vulnerability VCID-wqg8-5kwe-vuem
35
vulnerability VCID-xqz3-k7ts-juck
36
vulnerability VCID-zbfc-s76k-gfgv
37
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1
3
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-1z31-s1cu-bbh4
3
vulnerability VCID-2uzw-pn14-p7a1
4
vulnerability VCID-314g-t8xy-5khg
5
vulnerability VCID-39mg-y1k8-xbf9
6
vulnerability VCID-5887-pcyq-nkht
7
vulnerability VCID-7svn-u8ub-4faw
8
vulnerability VCID-88hx-kauy-4fcy
9
vulnerability VCID-89dx-2s8k-mufw
10
vulnerability VCID-8fr2-v728-cfcc
11
vulnerability VCID-8htk-33f4-4ufg
12
vulnerability VCID-8kwc-sxvr-skgp
13
vulnerability VCID-8mns-fyju-dqdr
14
vulnerability VCID-auzw-j1fc-jff8
15
vulnerability VCID-c1uz-emh5-9fhe
16
vulnerability VCID-cnns-pjex-4ybt
17
vulnerability VCID-crra-28kn-mqab
18
vulnerability VCID-d6ez-jva8-hyag
19
vulnerability VCID-dd77-bpcr-zfam
20
vulnerability VCID-fkct-tzwg-mkh8
21
vulnerability VCID-gxpn-pz3c-gugf
22
vulnerability VCID-kdkp-1ucy-w3g1
23
vulnerability VCID-m3y5-xa6w-83b6
24
vulnerability VCID-nz1v-4hgs-6yge
25
vulnerability VCID-p52x-ese3-qkha
26
vulnerability VCID-q6zd-khan-9yhj
27
vulnerability VCID-q7ye-13eq-vuhy
28
vulnerability VCID-qx3m-tcqj-ukc2
29
vulnerability VCID-r92s-4m4x-dqc7
30
vulnerability VCID-r94a-3fq2-efdg
31
vulnerability VCID-rfqz-nf3z-v3a3
32
vulnerability VCID-rsg7-5tup-4bd1
33
vulnerability VCID-s61k-e43h-13b5
34
vulnerability VCID-skd6-gqh8-sbba
35
vulnerability VCID-t4kd-zjrn-kueu
36
vulnerability VCID-t79w-jeyp-suaw
37
vulnerability VCID-u37s-5nn4-wqbx
38
vulnerability VCID-ujnp-2f3v-s3h3
39
vulnerability VCID-uzry-ts4t-fbc8
40
vulnerability VCID-vnh3-bvyq-13d6
41
vulnerability VCID-vqke-p81x-sffn
42
vulnerability VCID-w1c4-c4xs-yba4
43
vulnerability VCID-w5gg-jtut-qkcc
44
vulnerability VCID-w7nq-y9sx-nfcc
45
vulnerability VCID-wqg8-5kwe-vuem
46
vulnerability VCID-xqz3-k7ts-juck
47
vulnerability VCID-y3uj-myy6-kbha
48
vulnerability VCID-z9uf-p9w2-57fj
49
vulnerability VCID-zbfc-s76k-gfgv
50
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5
aliases CVE-2018-7489, GHSA-cggj-fvv3-cqwv
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ez2q-xgz1-rkab
12
url VCID-fkct-tzwg-mkh8
vulnerability_id VCID-fkct-tzwg-mkh8
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36185
reference_id
reference_type
scores
0
value 0.0295
scoring_system epss
scoring_elements 0.86742
published_at 2026-06-05T12:55:00Z
1
value 0.0295
scoring_system epss
scoring_elements 0.8672
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36185
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2998
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2998
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
10
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
12
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913929
reference_id 1913929
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913929
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36185
reference_id CVE-2020-36185
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36185
17
reference_url https://github.com/advisories/GHSA-8w26-6f25-cm9x
reference_id GHSA-8w26-6f25-cm9x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w26-6f25-cm9x
18
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
19
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fr2-v728-cfcc
1
vulnerability VCID-r94a-3fq2-efdg
2
vulnerability VCID-w1c4-c4xs-yba4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36185, GHSA-8w26-6f25-cm9x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fkct-tzwg-mkh8
13
url VCID-kdkp-1ucy-w3g1
vulnerability_id VCID-kdkp-1ucy-w3g1
summary 
Deserialization of Untrusted Data
An issue was discovered in FasterXML jackson-databind. The use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0782
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0782
1
reference_url https://access.redhat.com/errata/RHSA-2019:1822
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1822
2
reference_url https://access.redhat.com/errata/RHSA-2019:1823
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1823
3
reference_url https://access.redhat.com/errata/RHSA-2019:2804
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2804
4
reference_url https://access.redhat.com/errata/RHSA-2019:2858
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2858
5
reference_url https://access.redhat.com/errata/RHSA-2019:3002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3002
6
reference_url https://access.redhat.com/errata/RHSA-2019:3140
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3140
7
reference_url https://access.redhat.com/errata/RHSA-2019:3149
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3149
8
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
9
reference_url https://access.redhat.com/errata/RHSA-2019:4037
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4037
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11307.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11307.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11307
reference_id
reference_type
scores
0
value 0.12722
scoring_system epss
scoring_elements 0.94135
published_at 2026-06-05T12:55:00Z
1
value 0.12722
scoring_system epss
scoring_elements 0.94126
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11307
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
23
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
24
reference_url https://github.com/FasterXML/jackson-databind/commit/051bd5e447fbc9539e12a4fe90eb989dba0c656
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/051bd5e447fbc9539e12a4fe90eb989dba0c656
25
reference_url https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb73
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb73
26
reference_url https://github.com/FasterXML/jackson-databind/commit/78e78738d69adcb59fdac9fc12d9053ce8809f3d
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/78e78738d69adcb59fdac9fc12d9053ce8809f3d
27
reference_url https://github.com/FasterXML/jackson-databind/issues/2032
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2032
28
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
32
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
33
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
34
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
35
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
36
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1677341
reference_id 1677341
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1677341
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7525
reference_id CVE-2017-7525
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7525
39
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11307
reference_id CVE-2018-11307
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11307
40
reference_url https://github.com/advisories/GHSA-qr7j-h6gg-jmgc
reference_id GHSA-qr7j-h6gg-jmgc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qr7j-h6gg-jmgc
41
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-39mg-y1k8-xbf9
3
vulnerability VCID-5887-pcyq-nkht
4
vulnerability VCID-7svn-u8ub-4faw
5
vulnerability VCID-88hx-kauy-4fcy
6
vulnerability VCID-8ec9-5qt4-duat
7
vulnerability VCID-8fr2-v728-cfcc
8
vulnerability VCID-8htk-33f4-4ufg
9
vulnerability VCID-8kwc-sxvr-skgp
10
vulnerability VCID-8mns-fyju-dqdr
11
vulnerability VCID-auzw-j1fc-jff8
12
vulnerability VCID-cnns-pjex-4ybt
13
vulnerability VCID-d6ez-jva8-hyag
14
vulnerability VCID-fkct-tzwg-mkh8
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-p52x-ese3-qkha
17
vulnerability VCID-qx3m-tcqj-ukc2
18
vulnerability VCID-r92s-4m4x-dqc7
19
vulnerability VCID-r94a-3fq2-efdg
20
vulnerability VCID-rfqz-nf3z-v3a3
21
vulnerability VCID-s61k-e43h-13b5
22
vulnerability VCID-skd6-gqh8-sbba
23
vulnerability VCID-t4kd-zjrn-kueu
24
vulnerability VCID-t79w-jeyp-suaw
25
vulnerability VCID-u37s-5nn4-wqbx
26
vulnerability VCID-uzry-ts4t-fbc8
27
vulnerability VCID-vnh3-bvyq-13d6
28
vulnerability VCID-vqke-p81x-sffn
29
vulnerability VCID-w1c4-c4xs-yba4
30
vulnerability VCID-w7nq-y9sx-nfcc
31
vulnerability VCID-wqg8-5kwe-vuem
32
vulnerability VCID-xqz3-k7ts-juck
33
vulnerability VCID-zbfc-s76k-gfgv
34
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-39mg-y1k8-xbf9
3
vulnerability VCID-5887-pcyq-nkht
4
vulnerability VCID-7svn-u8ub-4faw
5
vulnerability VCID-88hx-kauy-4fcy
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-8mns-fyju-dqdr
10
vulnerability VCID-auzw-j1fc-jff8
11
vulnerability VCID-cnns-pjex-4ybt
12
vulnerability VCID-d6ez-jva8-hyag
13
vulnerability VCID-fkct-tzwg-mkh8
14
vulnerability VCID-nz1v-4hgs-6yge
15
vulnerability VCID-p52x-ese3-qkha
16
vulnerability VCID-qx3m-tcqj-ukc2
17
vulnerability VCID-r92s-4m4x-dqc7
18
vulnerability VCID-r94a-3fq2-efdg
19
vulnerability VCID-rfqz-nf3z-v3a3
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-t4kd-zjrn-kueu
23
vulnerability VCID-t79w-jeyp-suaw
24
vulnerability VCID-u37s-5nn4-wqbx
25
vulnerability VCID-uzry-ts4t-fbc8
26
vulnerability VCID-vnh3-bvyq-13d6
27
vulnerability VCID-vqke-p81x-sffn
28
vulnerability VCID-w1c4-c4xs-yba4
29
vulnerability VCID-w7nq-y9sx-nfcc
30
vulnerability VCID-wqg8-5kwe-vuem
31
vulnerability VCID-xqz3-k7ts-juck
32
vulnerability VCID-zbfc-s76k-gfgv
33
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-1z31-s1cu-bbh4
3
vulnerability VCID-314g-t8xy-5khg
4
vulnerability VCID-39mg-y1k8-xbf9
5
vulnerability VCID-5887-pcyq-nkht
6
vulnerability VCID-7svn-u8ub-4faw
7
vulnerability VCID-88hx-kauy-4fcy
8
vulnerability VCID-89dx-2s8k-mufw
9
vulnerability VCID-8fr2-v728-cfcc
10
vulnerability VCID-8htk-33f4-4ufg
11
vulnerability VCID-8kwc-sxvr-skgp
12
vulnerability VCID-8mns-fyju-dqdr
13
vulnerability VCID-auzw-j1fc-jff8
14
vulnerability VCID-c1uz-emh5-9fhe
15
vulnerability VCID-cnns-pjex-4ybt
16
vulnerability VCID-crra-28kn-mqab
17
vulnerability VCID-d6ez-jva8-hyag
18
vulnerability VCID-dd77-bpcr-zfam
19
vulnerability VCID-fkct-tzwg-mkh8
20
vulnerability VCID-gxpn-pz3c-gugf
21
vulnerability VCID-nz1v-4hgs-6yge
22
vulnerability VCID-p52x-ese3-qkha
23
vulnerability VCID-q6zd-khan-9yhj
24
vulnerability VCID-q7ye-13eq-vuhy
25
vulnerability VCID-qx3m-tcqj-ukc2
26
vulnerability VCID-r92s-4m4x-dqc7
27
vulnerability VCID-r94a-3fq2-efdg
28
vulnerability VCID-rfqz-nf3z-v3a3
29
vulnerability VCID-rsg7-5tup-4bd1
30
vulnerability VCID-s61k-e43h-13b5
31
vulnerability VCID-skd6-gqh8-sbba
32
vulnerability VCID-t4kd-zjrn-kueu
33
vulnerability VCID-t79w-jeyp-suaw
34
vulnerability VCID-u37s-5nn4-wqbx
35
vulnerability VCID-ujnp-2f3v-s3h3
36
vulnerability VCID-uzry-ts4t-fbc8
37
vulnerability VCID-vnh3-bvyq-13d6
38
vulnerability VCID-vqke-p81x-sffn
39
vulnerability VCID-w1c4-c4xs-yba4
40
vulnerability VCID-w5gg-jtut-qkcc
41
vulnerability VCID-w7nq-y9sx-nfcc
42
vulnerability VCID-wqg8-5kwe-vuem
43
vulnerability VCID-xqz3-k7ts-juck
44
vulnerability VCID-y3uj-myy6-kbha
45
vulnerability VCID-z9uf-p9w2-57fj
46
vulnerability VCID-zbfc-s76k-gfgv
47
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
aliases CVE-2018-11307, GHSA-qr7j-h6gg-jmgc
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdkp-1ucy-w3g1
14
url VCID-m3y5-xa6w-83b6
vulnerability_id VCID-m3y5-xa6w-83b6
summary 
jackson-databind Deserialization of Untrusted Data vulnerability
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0959
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0959
1
reference_url https://access.redhat.com/errata/RHSA-2019:0782
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0782
2
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
3
reference_url https://access.redhat.com/errata/RHSA-2019:1106
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1106
4
reference_url https://access.redhat.com/errata/RHSA-2019:1107
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1107
5
reference_url https://access.redhat.com/errata/RHSA-2019:1108
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1108
6
reference_url https://access.redhat.com/errata/RHSA-2019:1140
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1140
7
reference_url https://access.redhat.com/errata/RHSA-2019:1782
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1782
8
reference_url https://access.redhat.com/errata/RHSA-2019:1797
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1797
9
reference_url https://access.redhat.com/errata/RHSA-2019:1822
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1822
10
reference_url https://access.redhat.com/errata/RHSA-2019:1823
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1823
11
reference_url https://access.redhat.com/errata/RHSA-2019:2804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2804
12
reference_url https://access.redhat.com/errata/RHSA-2019:2858
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2858
13
reference_url https://access.redhat.com/errata/RHSA-2019:3002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3002
14
reference_url https://access.redhat.com/errata/RHSA-2019:3140
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3140
15
reference_url https://access.redhat.com/errata/RHSA-2019:3149
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3149
16
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
17
reference_url https://access.redhat.com/errata/RHSA-2019:4037
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4037
18
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12022.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12022.json
19
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12022
reference_id
reference_type
scores
0
value 0.03117
scoring_system epss
scoring_elements 0.871
published_at 2026-06-05T12:55:00Z
1
value 0.03117
scoring_system epss
scoring_elements 0.87077
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12022
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1671098
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1671098
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
25
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
26
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
27
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
28
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
29
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
30
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
31
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
32
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
33
reference_url https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226
34
reference_url https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a
35
reference_url https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a
36
reference_url https://github.com/FasterXML/jackson-databind/commit/bf261d404c2f79fd3406237710d40ebb03c99d84
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/bf261d404c2f79fd3406237710d40ebb03c99d84
37
reference_url https://github.com/FasterXML/jackson-databind/issues/2052
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2052
38
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
42
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC
43
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
44
reference_url https://seclists.org/bugtraq/2019/May/68
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/68
45
reference_url https://security.netapp.com/advisory/ntap-20190530-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190530-0003
46
reference_url https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
47
reference_url https://www.debian.org/security/2019/dsa-4452
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4452
48
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
49
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
50
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
51
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
52
reference_url http://www.securityfocus.com/bid/107585
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/107585
53
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1671097
reference_id 1671097
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1671097
54
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12022
reference_id CVE-2018-12022
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12022
55
reference_url https://github.com/advisories/GHSA-cjjf-94ff-43w7
reference_id GHSA-cjjf-94ff-43w7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-cjjf-94ff-43w7
56
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-39mg-y1k8-xbf9
3
vulnerability VCID-5887-pcyq-nkht
4
vulnerability VCID-7svn-u8ub-4faw
5
vulnerability VCID-88hx-kauy-4fcy
6
vulnerability VCID-8ec9-5qt4-duat
7
vulnerability VCID-8fr2-v728-cfcc
8
vulnerability VCID-8htk-33f4-4ufg
9
vulnerability VCID-8kwc-sxvr-skgp
10
vulnerability VCID-8mns-fyju-dqdr
11
vulnerability VCID-auzw-j1fc-jff8
12
vulnerability VCID-cnns-pjex-4ybt
13
vulnerability VCID-d6ez-jva8-hyag
14
vulnerability VCID-fkct-tzwg-mkh8
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-p52x-ese3-qkha
17
vulnerability VCID-qx3m-tcqj-ukc2
18
vulnerability VCID-r92s-4m4x-dqc7
19
vulnerability VCID-r94a-3fq2-efdg
20
vulnerability VCID-rfqz-nf3z-v3a3
21
vulnerability VCID-s61k-e43h-13b5
22
vulnerability VCID-skd6-gqh8-sbba
23
vulnerability VCID-t4kd-zjrn-kueu
24
vulnerability VCID-t79w-jeyp-suaw
25
vulnerability VCID-u37s-5nn4-wqbx
26
vulnerability VCID-uzry-ts4t-fbc8
27
vulnerability VCID-vnh3-bvyq-13d6
28
vulnerability VCID-vqke-p81x-sffn
29
vulnerability VCID-w1c4-c4xs-yba4
30
vulnerability VCID-w7nq-y9sx-nfcc
31
vulnerability VCID-wqg8-5kwe-vuem
32
vulnerability VCID-xqz3-k7ts-juck
33
vulnerability VCID-zbfc-s76k-gfgv
34
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-39mg-y1k8-xbf9
3
vulnerability VCID-5887-pcyq-nkht
4
vulnerability VCID-7svn-u8ub-4faw
5
vulnerability VCID-88hx-kauy-4fcy
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-8mns-fyju-dqdr
10
vulnerability VCID-auzw-j1fc-jff8
11
vulnerability VCID-cnns-pjex-4ybt
12
vulnerability VCID-d6ez-jva8-hyag
13
vulnerability VCID-fkct-tzwg-mkh8
14
vulnerability VCID-nz1v-4hgs-6yge
15
vulnerability VCID-p52x-ese3-qkha
16
vulnerability VCID-qx3m-tcqj-ukc2
17
vulnerability VCID-r92s-4m4x-dqc7
18
vulnerability VCID-r94a-3fq2-efdg
19
vulnerability VCID-rfqz-nf3z-v3a3
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-t4kd-zjrn-kueu
23
vulnerability VCID-t79w-jeyp-suaw
24
vulnerability VCID-u37s-5nn4-wqbx
25
vulnerability VCID-uzry-ts4t-fbc8
26
vulnerability VCID-vnh3-bvyq-13d6
27
vulnerability VCID-vqke-p81x-sffn
28
vulnerability VCID-w1c4-c4xs-yba4
29
vulnerability VCID-w7nq-y9sx-nfcc
30
vulnerability VCID-wqg8-5kwe-vuem
31
vulnerability VCID-xqz3-k7ts-juck
32
vulnerability VCID-zbfc-s76k-gfgv
33
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-1z31-s1cu-bbh4
3
vulnerability VCID-314g-t8xy-5khg
4
vulnerability VCID-39mg-y1k8-xbf9
5
vulnerability VCID-5887-pcyq-nkht
6
vulnerability VCID-7svn-u8ub-4faw
7
vulnerability VCID-88hx-kauy-4fcy
8
vulnerability VCID-89dx-2s8k-mufw
9
vulnerability VCID-8fr2-v728-cfcc
10
vulnerability VCID-8htk-33f4-4ufg
11
vulnerability VCID-8kwc-sxvr-skgp
12
vulnerability VCID-8mns-fyju-dqdr
13
vulnerability VCID-auzw-j1fc-jff8
14
vulnerability VCID-c1uz-emh5-9fhe
15
vulnerability VCID-cnns-pjex-4ybt
16
vulnerability VCID-crra-28kn-mqab
17
vulnerability VCID-d6ez-jva8-hyag
18
vulnerability VCID-dd77-bpcr-zfam
19
vulnerability VCID-fkct-tzwg-mkh8
20
vulnerability VCID-gxpn-pz3c-gugf
21
vulnerability VCID-nz1v-4hgs-6yge
22
vulnerability VCID-p52x-ese3-qkha
23
vulnerability VCID-q6zd-khan-9yhj
24
vulnerability VCID-q7ye-13eq-vuhy
25
vulnerability VCID-qx3m-tcqj-ukc2
26
vulnerability VCID-r92s-4m4x-dqc7
27
vulnerability VCID-r94a-3fq2-efdg
28
vulnerability VCID-rfqz-nf3z-v3a3
29
vulnerability VCID-rsg7-5tup-4bd1
30
vulnerability VCID-s61k-e43h-13b5
31
vulnerability VCID-skd6-gqh8-sbba
32
vulnerability VCID-t4kd-zjrn-kueu
33
vulnerability VCID-t79w-jeyp-suaw
34
vulnerability VCID-u37s-5nn4-wqbx
35
vulnerability VCID-ujnp-2f3v-s3h3
36
vulnerability VCID-uzry-ts4t-fbc8
37
vulnerability VCID-vnh3-bvyq-13d6
38
vulnerability VCID-vqke-p81x-sffn
39
vulnerability VCID-w1c4-c4xs-yba4
40
vulnerability VCID-w5gg-jtut-qkcc
41
vulnerability VCID-w7nq-y9sx-nfcc
42
vulnerability VCID-wqg8-5kwe-vuem
43
vulnerability VCID-xqz3-k7ts-juck
44
vulnerability VCID-y3uj-myy6-kbha
45
vulnerability VCID-z9uf-p9w2-57fj
46
vulnerability VCID-zbfc-s76k-gfgv
47
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
aliases CVE-2018-12022, GHSA-cjjf-94ff-43w7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3y5-xa6w-83b6
15
url VCID-nz1v-4hgs-6yge
vulnerability_id VCID-nz1v-4hgs-6yge
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36184
reference_id
reference_type
scores
0
value 0.07471
scoring_system epss
scoring_elements 0.91924
published_at 2026-06-05T12:55:00Z
1
value 0.07471
scoring_system epss
scoring_elements 0.91912
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36184
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2998
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://github.com/FasterXML/jackson-databind/issues/2998
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
10
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
12
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913928
reference_id 1913928
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913928
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36184
reference_id CVE-2020-36184
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36184
17
reference_url https://github.com/advisories/GHSA-m6x4-97wx-4q27
reference_id GHSA-m6x4-97wx-4q27
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6x4-97wx-4q27
18
reference_url https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id ntap-20210205-0005
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://security.netapp.com/advisory/ntap-20210205-0005/
19
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
20
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fr2-v728-cfcc
1
vulnerability VCID-r94a-3fq2-efdg
2
vulnerability VCID-w1c4-c4xs-yba4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36184, GHSA-m6x4-97wx-4q27
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nz1v-4hgs-6yge
16
url VCID-qx3m-tcqj-ukc2
vulnerability_id VCID-qx3m-tcqj-ukc2
summary 
Improper Control of Dynamically-Managed Code Resources
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.commons.dbcp2.datasources.SharedPoolDataSource.`
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35491
reference_id
reference_type
scores
0
value 0.06186
scoring_system epss
scoring_elements 0.91021
published_at 2026-06-05T12:55:00Z
1
value 0.06186
scoring_system epss
scoring_elements 0.91007
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35491
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2986
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2986
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210122-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210122-0005
9
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
10
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
12
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1909269
reference_id 1909269
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1909269
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35491
reference_id CVE-2020-35491
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35491
17
reference_url https://github.com/advisories/GHSA-r3gr-cxrf-hg25
reference_id GHSA-r3gr-cxrf-hg25
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r3gr-cxrf-hg25
18
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
19
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fr2-v728-cfcc
1
vulnerability VCID-r94a-3fq2-efdg
2
vulnerability VCID-w1c4-c4xs-yba4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-35491, GHSA-r3gr-cxrf-hg25
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qx3m-tcqj-ukc2
17
url VCID-r92s-4m4x-dqc7
vulnerability_id VCID-r92s-4m4x-dqc7
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36183
reference_id
reference_type
scores
0
value 0.02241
scoring_system epss
scoring_elements 0.8489
published_at 2026-06-05T12:55:00Z
1
value 0.02241
scoring_system epss
scoring_elements 0.84867
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36183
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29
6
reference_url https://github.com/FasterXML/jackson-databind/issues/3003
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/3003
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
10
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
12
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913927
reference_id 1913927
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913927
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36183
reference_id CVE-2020-36183
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36183
17
reference_url https://github.com/advisories/GHSA-9m6f-7xcq-8vf8
reference_id GHSA-9m6f-7xcq-8vf8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9m6f-7xcq-8vf8
18
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
19
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-5887-pcyq-nkht
2
vulnerability VCID-88hx-kauy-4fcy
3
vulnerability VCID-8ec9-5qt4-duat
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-ez2q-xgz1-rkab
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-kdkp-1ucy-w3g1
12
vulnerability VCID-m3y5-xa6w-83b6
13
vulnerability VCID-nz1v-4hgs-6yge
14
vulnerability VCID-qx3m-tcqj-ukc2
15
vulnerability VCID-r94a-3fq2-efdg
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-tfky-edec-13gw
18
vulnerability VCID-uzry-ts4t-fbc8
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-xqz3-k7ts-juck
24
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fr2-v728-cfcc
1
vulnerability VCID-r94a-3fq2-efdg
2
vulnerability VCID-w1c4-c4xs-yba4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36183, GHSA-9m6f-7xcq-8vf8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r92s-4m4x-dqc7
18
url VCID-r94a-3fq2-efdg
vulnerability_id VCID-r94a-3fq2-efdg
summary In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42003
reference_id
reference_type
scores
0
value 0.00317
scoring_system epss
scoring_elements 0.55141
published_at 2026-06-05T12:55:00Z
1
value 0.00317
scoring_system epss
scoring_elements 0.55082
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42003
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
8
reference_url https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x
9
reference_url https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1
10
reference_url https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288
11
reference_url https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc
12
reference_url https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea
13
reference_url https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45
14
reference_url https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
15
reference_url https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1
16
reference_url https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2
17
reference_url https://github.com/FasterXML/jackson-databind/issues/3590
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/3590
18
reference_url https://github.com/FasterXML/jackson-databind/issues/3627
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/3627
19
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42003
21
reference_url https://security.gentoo.org/glsa/202210-21
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202210-21
22
reference_url https://security.netapp.com/advisory/ntap-20221124-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221124-0004
23
reference_url https://www.debian.org/security/2022/dsa-5283
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5283
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135244
reference_id 2135244
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135244
25
reference_url https://github.com/advisories/GHSA-jjjh-jjxp-wpff
reference_id GHSA-jjjh-jjxp-wpff
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjjh-jjxp-wpff
26
reference_url https://access.redhat.com/errata/RHSA-2022:7435
reference_id RHSA-2022:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7435
27
reference_url https://access.redhat.com/errata/RHSA-2022:8781
reference_id RHSA-2022:8781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8781
28
reference_url https://access.redhat.com/errata/RHSA-2022:8876
reference_id RHSA-2022:8876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8876
29
reference_url https://access.redhat.com/errata/RHSA-2022:8889
reference_id RHSA-2022:8889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8889
30
reference_url https://access.redhat.com/errata/RHSA-2022:9023
reference_id RHSA-2022:9023
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9023
31
reference_url https://access.redhat.com/errata/RHSA-2022:9032
reference_id RHSA-2022:9032
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9032
32
reference_url https://access.redhat.com/errata/RHSA-2023:0189
reference_id RHSA-2023:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0189
33
reference_url https://access.redhat.com/errata/RHSA-2023:0261
reference_id RHSA-2023:0261
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0261
34
reference_url https://access.redhat.com/errata/RHSA-2023:0264
reference_id RHSA-2023:0264
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0264
35
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
36
reference_url https://access.redhat.com/errata/RHSA-2023:0471
reference_id RHSA-2023:0471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0471
37
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
38
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
39
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
40
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
41
reference_url https://access.redhat.com/errata/RHSA-2023:0713
reference_id RHSA-2023:0713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0713
42
reference_url https://access.redhat.com/errata/RHSA-2023:1006
reference_id RHSA-2023:1006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1006
43
reference_url https://access.redhat.com/errata/RHSA-2023:1064
reference_id RHSA-2023:1064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1064
44
reference_url https://access.redhat.com/errata/RHSA-2023:1151
reference_id RHSA-2023:1151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1151
45
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
46
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
47
reference_url https://access.redhat.com/errata/RHSA-2023:2135
reference_id RHSA-2023:2135
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2135
48
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
49
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
50
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
51
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
52
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2
aliases CVE-2022-42003, GHSA-jjjh-jjxp-wpff
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r94a-3fq2-efdg
19
url VCID-rfqz-nf3z-v3a3
vulnerability_id VCID-rfqz-nf3z-v3a3
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36187
reference_id
reference_type
scores
0
value 0.02335
scoring_system epss
scoring_elements 0.85162
published_at 2026-06-05T12:55:00Z
1
value 0.02335
scoring_system epss
scoring_elements 0.85137
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36187
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2997
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2997
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
10
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
12
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913933
reference_id 1913933
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913933
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36187
reference_id CVE-2020-36187
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36187
17
reference_url https://github.com/advisories/GHSA-r695-7vr9-jgc2
reference_id GHSA-r695-7vr9-jgc2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r695-7vr9-jgc2
18
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
19
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-5887-pcyq-nkht
2
vulnerability VCID-88hx-kauy-4fcy
3
vulnerability VCID-8ec9-5qt4-duat
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-ez2q-xgz1-rkab
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-kdkp-1ucy-w3g1
12
vulnerability VCID-m3y5-xa6w-83b6
13
vulnerability VCID-nz1v-4hgs-6yge
14
vulnerability VCID-qx3m-tcqj-ukc2
15
vulnerability VCID-r94a-3fq2-efdg
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-tfky-edec-13gw
18
vulnerability VCID-uzry-ts4t-fbc8
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-xqz3-k7ts-juck
24
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fr2-v728-cfcc
1
vulnerability VCID-r94a-3fq2-efdg
2
vulnerability VCID-w1c4-c4xs-yba4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36187, GHSA-r695-7vr9-jgc2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfqz-nf3z-v3a3
20
url VCID-rg7k-kaxv-2ubx
vulnerability_id VCID-rg7k-kaxv-2ubx
summary 
Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the `readValue` method of the `ObjectMapper`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1834
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1834
1
reference_url https://access.redhat.com/errata/RHSA-2017:1835
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1835
2
reference_url https://access.redhat.com/errata/RHSA-2017:1836
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1836
3
reference_url https://access.redhat.com/errata/RHSA-2017:1837
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1837
4
reference_url https://access.redhat.com/errata/RHSA-2017:1839
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1839
5
reference_url https://access.redhat.com/errata/RHSA-2017:1840
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1840
6
reference_url https://access.redhat.com/errata/RHSA-2017:2477
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2477
7
reference_url https://access.redhat.com/errata/RHSA-2017:2546
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2546
8
reference_url https://access.redhat.com/errata/RHSA-2017:2547
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2547
9
reference_url https://access.redhat.com/errata/RHSA-2017:2633
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2633
10
reference_url https://access.redhat.com/errata/RHSA-2017:2635
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2635
11
reference_url https://access.redhat.com/errata/RHSA-2017:2636
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2636
12
reference_url https://access.redhat.com/errata/RHSA-2017:2637
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2637
13
reference_url https://access.redhat.com/errata/RHSA-2017:2638
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2638
14
reference_url https://access.redhat.com/errata/RHSA-2017:3141
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3141
15
reference_url https://access.redhat.com/errata/RHSA-2017:3454
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3454
16
reference_url https://access.redhat.com/errata/RHSA-2017:3455
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3455
17
reference_url https://access.redhat.com/errata/RHSA-2017:3456
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3456
18
reference_url https://access.redhat.com/errata/RHSA-2017:3458
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3458
19
reference_url https://access.redhat.com/errata/RHSA-2018:0294
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0294
20
reference_url https://access.redhat.com/errata/RHSA-2018:0342
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0342
21
reference_url https://access.redhat.com/errata/RHSA-2018:1449
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1449
22
reference_url https://access.redhat.com/errata/RHSA-2018:1450
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1450
23
reference_url https://access.redhat.com/errata/RHSA-2019:0910
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0910
24
reference_url https://access.redhat.com/errata/RHSA-2019:2858
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2858
25
reference_url https://access.redhat.com/errata/RHSA-2019:3149
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3149
26
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7525.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7525.json
27
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7525
reference_id
reference_type
scores
0
value 0.82379
scoring_system epss
scoring_elements 0.99245
published_at 2026-06-05T12:55:00Z
1
value 0.82379
scoring_system epss
scoring_elements 0.99244
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7525
28
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1462702
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1462702
29
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525
30
reference_url https://cwiki.apache.org/confluence/display/WW/S2-055
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-055
31
reference_url https://github.com/advisories/GHSA-qxxx-2pp7-5hmx
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-qxxx-2pp7-5hmx
32
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
33
reference_url https://github.com/FasterXML/jackson-databind/commit/3bfbb835e530055c1941ddf87fde0b08d08dcd38
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3bfbb835e530055c1941ddf87fde0b08d08dcd38
34
reference_url https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1
35
reference_url https://github.com/FasterXML/jackson-databind/commit/680d75b011edd67a2d2a2e9980998a968194c2ef
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/680d75b011edd67a2d2a2e9980998a968194c2ef
36
reference_url https://github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c1
37
reference_url https://github.com/FasterXML/jackson-databind/commit/90042692085deeb05ae75c569c9909f7dba24415
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/90042692085deeb05ae75c569c9909f7dba24415
38
reference_url https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
39
reference_url https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
40
reference_url https://github.com/FasterXML/jackson-databind/commit/fa87c1ddbe803ebb7295f5c2ebfe38e12f6e6162
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/fa87c1ddbe803ebb7295f5c2ebfe38e12f6e6162
41
reference_url https://github.com/FasterXML/jackson-databind/commit/fd8dec2c7fab8b4b4bd60502a0f1d63ec23c24da
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/fd8dec2c7fab8b4b4bd60502a0f1d63ec23c24da
42
reference_url https://github.com/FasterXML/jackson-databind/issues/1599
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/1599
43
reference_url https://github.com/FasterXML/jackson-databind/issues/1723
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/1723
44
reference_url https://github.com/FasterXML/jackson-databind/issues/1737
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/1737
45
reference_url https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E
46
reference_url https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E
47
reference_url https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E
48
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
49
reference_url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
50
reference_url https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E
51
reference_url https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E
52
reference_url https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E
53
reference_url https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E
54
reference_url https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E
55
reference_url https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E
56
reference_url https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E
57
reference_url https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E
58
reference_url https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E
59
reference_url https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html
60
reference_url https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html
61
reference_url https://security.netapp.com/advisory/ntap-20171214-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20171214-0002
62
reference_url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
63
reference_url https://www.debian.org/security/2017/dsa-4004
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-4004
64
reference_url https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
reference_id
reference_type
scores
url https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
65
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
66
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
67
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
68
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
69
reference_url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
70
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
71
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
72
reference_url http://www.securityfocus.com/bid/99623
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99623
73
reference_url http://www.securitytracker.com/id/1039744
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039744
74
reference_url http://www.securitytracker.com/id/1039947
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039947
75
reference_url http://www.securitytracker.com/id/1040360
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040360
76
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870848
reference_id 870848
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870848
77
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7525
reference_id CVE-2017-7525
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7525
78
reference_url https://usn.ubuntu.com/4741-1/
reference_id USN-4741-1
reference_type
scores
url https://usn.ubuntu.com/4741-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-1z31-s1cu-bbh4
3
vulnerability VCID-39mg-y1k8-xbf9
4
vulnerability VCID-5887-pcyq-nkht
5
vulnerability VCID-7svn-u8ub-4faw
6
vulnerability VCID-88hx-kauy-4fcy
7
vulnerability VCID-8ec9-5qt4-duat
8
vulnerability VCID-8fr2-v728-cfcc
9
vulnerability VCID-8htk-33f4-4ufg
10
vulnerability VCID-8kwc-sxvr-skgp
11
vulnerability VCID-8mns-fyju-dqdr
12
vulnerability VCID-auzw-j1fc-jff8
13
vulnerability VCID-cnns-pjex-4ybt
14
vulnerability VCID-d6ez-jva8-hyag
15
vulnerability VCID-ez2q-xgz1-rkab
16
vulnerability VCID-fkct-tzwg-mkh8
17
vulnerability VCID-kdkp-1ucy-w3g1
18
vulnerability VCID-m3y5-xa6w-83b6
19
vulnerability VCID-nz1v-4hgs-6yge
20
vulnerability VCID-qx3m-tcqj-ukc2
21
vulnerability VCID-r92s-4m4x-dqc7
22
vulnerability VCID-r94a-3fq2-efdg
23
vulnerability VCID-rfqz-nf3z-v3a3
24
vulnerability VCID-s61k-e43h-13b5
25
vulnerability VCID-skd6-gqh8-sbba
26
vulnerability VCID-t4kd-zjrn-kueu
27
vulnerability VCID-t79w-jeyp-suaw
28
vulnerability VCID-tfky-edec-13gw
29
vulnerability VCID-u37s-5nn4-wqbx
30
vulnerability VCID-ujnp-2f3v-s3h3
31
vulnerability VCID-uzry-ts4t-fbc8
32
vulnerability VCID-vnh3-bvyq-13d6
33
vulnerability VCID-vqke-p81x-sffn
34
vulnerability VCID-w1c4-c4xs-yba4
35
vulnerability VCID-w7nq-y9sx-nfcc
36
vulnerability VCID-wqg8-5kwe-vuem
37
vulnerability VCID-xqz3-k7ts-juck
38
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.1
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-2uzw-pn14-p7a1
3
vulnerability VCID-39mg-y1k8-xbf9
4
vulnerability VCID-5887-pcyq-nkht
5
vulnerability VCID-7svn-u8ub-4faw
6
vulnerability VCID-88hx-kauy-4fcy
7
vulnerability VCID-8ec9-5qt4-duat
8
vulnerability VCID-8fr2-v728-cfcc
9
vulnerability VCID-8htk-33f4-4ufg
10
vulnerability VCID-8kwc-sxvr-skgp
11
vulnerability VCID-8mns-fyju-dqdr
12
vulnerability VCID-auzw-j1fc-jff8
13
vulnerability VCID-cnns-pjex-4ybt
14
vulnerability VCID-d6ez-jva8-hyag
15
vulnerability VCID-ez2q-xgz1-rkab
16
vulnerability VCID-fkct-tzwg-mkh8
17
vulnerability VCID-kdkp-1ucy-w3g1
18
vulnerability VCID-m3y5-xa6w-83b6
19
vulnerability VCID-nz1v-4hgs-6yge
20
vulnerability VCID-p52x-ese3-qkha
21
vulnerability VCID-qx3m-tcqj-ukc2
22
vulnerability VCID-r92s-4m4x-dqc7
23
vulnerability VCID-r94a-3fq2-efdg
24
vulnerability VCID-rfqz-nf3z-v3a3
25
vulnerability VCID-s61k-e43h-13b5
26
vulnerability VCID-skd6-gqh8-sbba
27
vulnerability VCID-t4kd-zjrn-kueu
28
vulnerability VCID-t79w-jeyp-suaw
29
vulnerability VCID-tfky-edec-13gw
30
vulnerability VCID-u37s-5nn4-wqbx
31
vulnerability VCID-uzry-ts4t-fbc8
32
vulnerability VCID-vnh3-bvyq-13d6
33
vulnerability VCID-vqke-p81x-sffn
34
vulnerability VCID-w1c4-c4xs-yba4
35
vulnerability VCID-w7nq-y9sx-nfcc
36
vulnerability VCID-wqg8-5kwe-vuem
37
vulnerability VCID-xqz3-k7ts-juck
38
vulnerability VCID-zbfc-s76k-gfgv
39
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.1
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-2uzw-pn14-p7a1
3
vulnerability VCID-39mg-y1k8-xbf9
4
vulnerability VCID-5887-pcyq-nkht
5
vulnerability VCID-7svn-u8ub-4faw
6
vulnerability VCID-88hx-kauy-4fcy
7
vulnerability VCID-8ec9-5qt4-duat
8
vulnerability VCID-8fr2-v728-cfcc
9
vulnerability VCID-8htk-33f4-4ufg
10
vulnerability VCID-8kwc-sxvr-skgp
11
vulnerability VCID-8mns-fyju-dqdr
12
vulnerability VCID-auzw-j1fc-jff8
13
vulnerability VCID-cnns-pjex-4ybt
14
vulnerability VCID-d6ez-jva8-hyag
15
vulnerability VCID-ez2q-xgz1-rkab
16
vulnerability VCID-fkct-tzwg-mkh8
17
vulnerability VCID-kdkp-1ucy-w3g1
18
vulnerability VCID-m3y5-xa6w-83b6
19
vulnerability VCID-nz1v-4hgs-6yge
20
vulnerability VCID-p52x-ese3-qkha
21
vulnerability VCID-qx3m-tcqj-ukc2
22
vulnerability VCID-r92s-4m4x-dqc7
23
vulnerability VCID-r94a-3fq2-efdg
24
vulnerability VCID-rfqz-nf3z-v3a3
25
vulnerability VCID-s61k-e43h-13b5
26
vulnerability VCID-skd6-gqh8-sbba
27
vulnerability VCID-t4kd-zjrn-kueu
28
vulnerability VCID-t79w-jeyp-suaw
29
vulnerability VCID-tfky-edec-13gw
30
vulnerability VCID-u37s-5nn4-wqbx
31
vulnerability VCID-uzry-ts4t-fbc8
32
vulnerability VCID-vnh3-bvyq-13d6
33
vulnerability VCID-vqke-p81x-sffn
34
vulnerability VCID-w1c4-c4xs-yba4
35
vulnerability VCID-w7nq-y9sx-nfcc
36
vulnerability VCID-wqg8-5kwe-vuem
37
vulnerability VCID-xqz3-k7ts-juck
38
vulnerability VCID-zbfc-s76k-gfgv
39
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9
aliases CVE-2017-7525, GHSA-qxxx-2pp7-5hmx
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rg7k-kaxv-2ubx
21
url VCID-s61k-e43h-13b5
vulnerability_id VCID-s61k-e43h-13b5
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24750.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24750.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24750
reference_id
reference_type
scores
0
value 0.02052
scoring_system epss
scoring_elements 0.84217
published_at 2026-06-05T12:55:00Z
1
value 0.02052
scoring_system epss
scoring_elements 0.84194
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24750
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb
6
reference_url https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f
7
reference_url https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b
8
reference_url https://github.com/FasterXML/jackson-databind/issues/2798
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2798
9
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
10
reference_url https://security.netapp.com/advisory/ntap-20201009-0003
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20201009-0003
11
reference_url https://security.netapp.com/advisory/ntap-20201009-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20201009-0003/
12
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
13
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
14
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
15
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
16
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
17
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1882310
reference_id 1882310
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1882310
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24750
reference_id CVE-2020-24750
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-24750
20
reference_url https://github.com/advisories/GHSA-qjw2-hr98-qgfh
reference_id GHSA-qjw2-hr98-qgfh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qjw2-hr98-qgfh
21
reference_url https://access.redhat.com/errata/RHSA-2020:4173
reference_id RHSA-2020:4173
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4173
22
reference_url https://access.redhat.com/errata/RHSA-2020:5635
reference_id RHSA-2020:5635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5635
23
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
24
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-5887-pcyq-nkht
2
vulnerability VCID-88hx-kauy-4fcy
3
vulnerability VCID-8ec9-5qt4-duat
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-ez2q-xgz1-rkab
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-kdkp-1ucy-w3g1
12
vulnerability VCID-m3y5-xa6w-83b6
13
vulnerability VCID-nz1v-4hgs-6yge
14
vulnerability VCID-qx3m-tcqj-ukc2
15
vulnerability VCID-r94a-3fq2-efdg
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-tfky-edec-13gw
18
vulnerability VCID-uzry-ts4t-fbc8
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-xqz3-k7ts-juck
24
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z31-s1cu-bbh4
1
vulnerability VCID-5887-pcyq-nkht
2
vulnerability VCID-8fr2-v728-cfcc
3
vulnerability VCID-8kwc-sxvr-skgp
4
vulnerability VCID-fkct-tzwg-mkh8
5
vulnerability VCID-nz1v-4hgs-6yge
6
vulnerability VCID-qx3m-tcqj-ukc2
7
vulnerability VCID-r92s-4m4x-dqc7
8
vulnerability VCID-r94a-3fq2-efdg
9
vulnerability VCID-rfqz-nf3z-v3a3
10
vulnerability VCID-vnh3-bvyq-13d6
11
vulnerability VCID-w1c4-c4xs-yba4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6
aliases CVE-2020-24750, GHSA-qjw2-hr98-qgfh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s61k-e43h-13b5
22
url VCID-skd6-gqh8-sbba
vulnerability_id VCID-skd6-gqh8-sbba
summary A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10650
reference_id
reference_type
scores
0
value 0.09009
scoring_system epss
scoring_elements 0.92786
published_at 2026-06-05T12:55:00Z
1
value 0.09009
scoring_system epss
scoring_elements 0.92774
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10650
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10650
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10650
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/
url https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef
5
reference_url https://github.com/FasterXML/jackson-databind/issues/2658
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/
url https://github.com/FasterXML/jackson-databind/issues/2658
6
reference_url https://github.com/FasterXML/jackson-databind/pull/2864
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/pull/2864
7
reference_url https://github.com/luisgarciacheckmarx/LGV_onefile/issues/19
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/luisgarciacheckmarx/LGV_onefile/issues/19
8
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html
9
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10650
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10650
11
reference_url https://security.netapp.com/advisory/ntap-20230818-0007
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230818-0007
12
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/
url https://www.oracle.com/security-alerts/cpujan2021.html
13
reference_url https://www.oracle.com/security-alerts/cpuoct2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/
url https://www.oracle.com/security-alerts/cpuoct2022.html
14
reference_url https://github.com/advisories/GHSA-rpr3-cw39-3pxh
reference_id GHSA-rpr3-cw39-3pxh
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/
url https://github.com/advisories/GHSA-rpr3-cw39-3pxh
15
reference_url https://security.netapp.com/advisory/ntap-20230818-0007/
reference_id ntap-20230818-0007
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/
url https://security.netapp.com/advisory/ntap-20230818-0007/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z31-s1cu-bbh4
1
vulnerability VCID-5887-pcyq-nkht
2
vulnerability VCID-89dx-2s8k-mufw
3
vulnerability VCID-8fr2-v728-cfcc
4
vulnerability VCID-8kwc-sxvr-skgp
5
vulnerability VCID-dd77-bpcr-zfam
6
vulnerability VCID-fkct-tzwg-mkh8
7
vulnerability VCID-nz1v-4hgs-6yge
8
vulnerability VCID-qx3m-tcqj-ukc2
9
vulnerability VCID-r92s-4m4x-dqc7
10
vulnerability VCID-r94a-3fq2-efdg
11
vulnerability VCID-rfqz-nf3z-v3a3
12
vulnerability VCID-s61k-e43h-13b5
13
vulnerability VCID-vnh3-bvyq-13d6
14
vulnerability VCID-w1c4-c4xs-yba4
15
vulnerability VCID-w5gg-jtut-qkcc
16
vulnerability VCID-xqz3-k7ts-juck
17
vulnerability VCID-z9uf-p9w2-57fj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4
aliases CVE-2020-10650, GHSA-rpr3-cw39-3pxh, GMS-2022-2955
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-skd6-gqh8-sbba
23
url VCID-t4kd-zjrn-kueu
vulnerability_id VCID-t4kd-zjrn-kueu
summary 
Polymorphic deserialization of malicious object in jackson-databind
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5, and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0729
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0729
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14892.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14892.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14892
reference_id
reference_type
scores
0
value 0.00897
scoring_system epss
scoring_elements 0.76026
published_at 2026-06-05T12:55:00Z
1
value 0.00897
scoring_system epss
scoring_elements 0.76001
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14892
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14892
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14892
5
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
6
reference_url https://github.com/FasterXML/jackson-databind/commit/41b7f9b90149e9d44a65a8261a8deedc7186f6af
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/41b7f9b90149e9d44a65a8261a8deedc7186f6af
7
reference_url https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b
8
reference_url https://github.com/FasterXML/jackson-databind/issues/2462
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2462
9
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
11
reference_url https://security.netapp.com/advisory/ntap-20200904-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200904-0005
12
reference_url https://security.netapp.com/advisory/ntap-20200904-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200904-0005/
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1758171
reference_id 1758171
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1758171
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14892
reference_id CVE-2019-14892
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14892
15
reference_url https://github.com/advisories/GHSA-cf6r-3wgc-h863
reference_id GHSA-cf6r-3wgc-h863
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cf6r-3wgc-h863
16
reference_url https://access.redhat.com/errata/RHSA-2020:0895
reference_id RHSA-2020:0895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0895
17
reference_url https://access.redhat.com/errata/RHSA-2020:0899
reference_id RHSA-2020:0899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0899
18
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
19
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
20
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8ec9-5qt4-duat
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-cnns-pjex-4ybt
11
vulnerability VCID-ez2q-xgz1-rkab
12
vulnerability VCID-fkct-tzwg-mkh8
13
vulnerability VCID-kdkp-1ucy-w3g1
14
vulnerability VCID-m3y5-xa6w-83b6
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-qx3m-tcqj-ukc2
17
vulnerability VCID-r92s-4m4x-dqc7
18
vulnerability VCID-r94a-3fq2-efdg
19
vulnerability VCID-rfqz-nf3z-v3a3
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-tfky-edec-13gw
23
vulnerability VCID-ujnp-2f3v-s3h3
24
vulnerability VCID-uzry-ts4t-fbc8
25
vulnerability VCID-vnh3-bvyq-13d6
26
vulnerability VCID-vqke-p81x-sffn
27
vulnerability VCID-w1c4-c4xs-yba4
28
vulnerability VCID-w7nq-y9sx-nfcc
29
vulnerability VCID-xqz3-k7ts-juck
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-88hx-kauy-4fcy
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-nz1v-4hgs-6yge
11
vulnerability VCID-qx3m-tcqj-ukc2
12
vulnerability VCID-r92s-4m4x-dqc7
13
vulnerability VCID-r94a-3fq2-efdg
14
vulnerability VCID-rfqz-nf3z-v3a3
15
vulnerability VCID-s61k-e43h-13b5
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-t79w-jeyp-suaw
18
vulnerability VCID-u37s-5nn4-wqbx
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-wqg8-5kwe-vuem
24
vulnerability VCID-xqz3-k7ts-juck
25
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-314g-t8xy-5khg
3
vulnerability VCID-5887-pcyq-nkht
4
vulnerability VCID-7svn-u8ub-4faw
5
vulnerability VCID-89dx-2s8k-mufw
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-c1uz-emh5-9fhe
11
vulnerability VCID-crra-28kn-mqab
12
vulnerability VCID-dd77-bpcr-zfam
13
vulnerability VCID-fkct-tzwg-mkh8
14
vulnerability VCID-gxpn-pz3c-gugf
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-q6zd-khan-9yhj
17
vulnerability VCID-q7ye-13eq-vuhy
18
vulnerability VCID-qx3m-tcqj-ukc2
19
vulnerability VCID-r92s-4m4x-dqc7
20
vulnerability VCID-r94a-3fq2-efdg
21
vulnerability VCID-rfqz-nf3z-v3a3
22
vulnerability VCID-rsg7-5tup-4bd1
23
vulnerability VCID-s61k-e43h-13b5
24
vulnerability VCID-skd6-gqh8-sbba
25
vulnerability VCID-ujnp-2f3v-s3h3
26
vulnerability VCID-uzry-ts4t-fbc8
27
vulnerability VCID-vnh3-bvyq-13d6
28
vulnerability VCID-w1c4-c4xs-yba4
29
vulnerability VCID-w5gg-jtut-qkcc
30
vulnerability VCID-xqz3-k7ts-juck
31
vulnerability VCID-y3uj-myy6-kbha
32
vulnerability VCID-z9uf-p9w2-57fj
33
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
aliases CVE-2019-14892, GHSA-cf6r-3wgc-h863
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t4kd-zjrn-kueu
24
url VCID-tfky-edec-13gw
vulnerability_id VCID-tfky-edec-13gw
summary 
Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the `readValue` method of the `ObjectMapper`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:3189
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3189
1
reference_url https://access.redhat.com/errata/RHSA-2017:3190
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3190
2
reference_url https://access.redhat.com/errata/RHSA-2018:0342
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0342
3
reference_url https://access.redhat.com/errata/RHSA-2018:0478
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0478
4
reference_url https://access.redhat.com/errata/RHSA-2018:0479
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0479
5
reference_url https://access.redhat.com/errata/RHSA-2018:0480
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0480
6
reference_url https://access.redhat.com/errata/RHSA-2018:0481
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0481
7
reference_url https://access.redhat.com/errata/RHSA-2018:0576
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0576
8
reference_url https://access.redhat.com/errata/RHSA-2018:0577
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0577
9
reference_url https://access.redhat.com/errata/RHSA-2018:1447
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1447
10
reference_url https://access.redhat.com/errata/RHSA-2018:1448
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1448
11
reference_url https://access.redhat.com/errata/RHSA-2018:1449
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1449
12
reference_url https://access.redhat.com/errata/RHSA-2018:1450
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1450
13
reference_url https://access.redhat.com/errata/RHSA-2018:1451
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1451
14
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
15
reference_url https://access.redhat.com/errata/RHSA-2019:2858
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2858
16
reference_url https://access.redhat.com/errata/RHSA-2019:3149
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3149
17
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
18
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15095.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15095.json
19
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15095
reference_id
reference_type
scores
0
value 0.07891
scoring_system epss
scoring_elements 0.92164
published_at 2026-06-04T12:55:00Z
1
value 0.07891
scoring_system epss
scoring_elements 0.92177
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15095
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095
21
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
22
reference_url https://github.com/FasterXML/jackson-databind/commit/a054585e2175ad0882f07bcafedecfac86230f1b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/a054585e2175ad0882f07bcafedecfac86230f1b
23
reference_url https://github.com/FasterXML/jackson-databind/commit/a3939d36edcc755c8af55bdc1969e0fa8438f9db
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/a3939d36edcc755c8af55bdc1969e0fa8438f9db
24
reference_url https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
25
reference_url https://github.com/FasterXML/jackson-databind/commit/e865a7a4464da63ded9f4b1a2328ad85c9ded78b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/e865a7a4464da63ded9f4b1a2328ad85c9ded78b
26
reference_url https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
27
reference_url https://github.com/FasterXML/jackson-databind/issues/1680
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/1680
28
reference_url https://github.com/FasterXML/jackson-databind/issues/1737
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/1737
29
reference_url https://github.com/tolbertam/jackson-databind/commit/80566a0f96b2003863f9d8f9ccc3b562001e147b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/tolbertam/jackson-databind/commit/80566a0f96b2003863f9d8f9ccc3b562001e147b
30
reference_url https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E
31
reference_url https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html
32
reference_url https://security.netapp.com/advisory/ntap-20171214-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20171214-0003
33
reference_url https://web.archive.org/web/20200401000000*/http://www.securityfocus.com/bid/103880
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200401000000*/http://www.securityfocus.com/bid/103880
34
reference_url https://web.archive.org/web/20201221192044/http://www.securitytracker.com/id/1039769
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201221192044/http://www.securitytracker.com/id/1039769
35
reference_url https://www.debian.org/security/2017/dsa-4037
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2017/dsa-4037
36
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
37
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
38
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
39
reference_url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
40
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
41
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
42
reference_url http://www.securityfocus.com/bid/103880
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103880
43
reference_url http://www.securitytracker.com/id/1039769
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039769
44
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1506612
reference_id 1506612
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1506612
45
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15095
reference_id CVE-2017-15095
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-15095
46
reference_url https://github.com/advisories/GHSA-h592-38cm-4ggp
reference_id GHSA-h592-38cm-4ggp
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h592-38cm-4ggp
47
reference_url https://usn.ubuntu.com/4741-1/
reference_id USN-4741-1
reference_type
scores
url https://usn.ubuntu.com/4741-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8ec9-5qt4-duat
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-cnns-pjex-4ybt
11
vulnerability VCID-ez2q-xgz1-rkab
12
vulnerability VCID-fkct-tzwg-mkh8
13
vulnerability VCID-kdkp-1ucy-w3g1
14
vulnerability VCID-m3y5-xa6w-83b6
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-qx3m-tcqj-ukc2
17
vulnerability VCID-r92s-4m4x-dqc7
18
vulnerability VCID-r94a-3fq2-efdg
19
vulnerability VCID-rfqz-nf3z-v3a3
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-tfky-edec-13gw
23
vulnerability VCID-ujnp-2f3v-s3h3
24
vulnerability VCID-uzry-ts4t-fbc8
25
vulnerability VCID-vnh3-bvyq-13d6
26
vulnerability VCID-vqke-p81x-sffn
27
vulnerability VCID-w1c4-c4xs-yba4
28
vulnerability VCID-w7nq-y9sx-nfcc
29
vulnerability VCID-xqz3-k7ts-juck
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.2
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-2uzw-pn14-p7a1
3
vulnerability VCID-39mg-y1k8-xbf9
4
vulnerability VCID-5887-pcyq-nkht
5
vulnerability VCID-7svn-u8ub-4faw
6
vulnerability VCID-88hx-kauy-4fcy
7
vulnerability VCID-8ec9-5qt4-duat
8
vulnerability VCID-8fr2-v728-cfcc
9
vulnerability VCID-8htk-33f4-4ufg
10
vulnerability VCID-8kwc-sxvr-skgp
11
vulnerability VCID-8mns-fyju-dqdr
12
vulnerability VCID-auzw-j1fc-jff8
13
vulnerability VCID-cnns-pjex-4ybt
14
vulnerability VCID-d6ez-jva8-hyag
15
vulnerability VCID-ez2q-xgz1-rkab
16
vulnerability VCID-fkct-tzwg-mkh8
17
vulnerability VCID-kdkp-1ucy-w3g1
18
vulnerability VCID-m3y5-xa6w-83b6
19
vulnerability VCID-nz1v-4hgs-6yge
20
vulnerability VCID-p52x-ese3-qkha
21
vulnerability VCID-qx3m-tcqj-ukc2
22
vulnerability VCID-r92s-4m4x-dqc7
23
vulnerability VCID-r94a-3fq2-efdg
24
vulnerability VCID-rfqz-nf3z-v3a3
25
vulnerability VCID-s61k-e43h-13b5
26
vulnerability VCID-skd6-gqh8-sbba
27
vulnerability VCID-t4kd-zjrn-kueu
28
vulnerability VCID-t79w-jeyp-suaw
29
vulnerability VCID-u37s-5nn4-wqbx
30
vulnerability VCID-uzry-ts4t-fbc8
31
vulnerability VCID-vnh3-bvyq-13d6
32
vulnerability VCID-vqke-p81x-sffn
33
vulnerability VCID-w1c4-c4xs-yba4
34
vulnerability VCID-w7nq-y9sx-nfcc
35
vulnerability VCID-wqg8-5kwe-vuem
36
vulnerability VCID-xqz3-k7ts-juck
37
vulnerability VCID-zbfc-s76k-gfgv
38
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.2
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.10
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-2uzw-pn14-p7a1
3
vulnerability VCID-39mg-y1k8-xbf9
4
vulnerability VCID-5887-pcyq-nkht
5
vulnerability VCID-7svn-u8ub-4faw
6
vulnerability VCID-88hx-kauy-4fcy
7
vulnerability VCID-8ec9-5qt4-duat
8
vulnerability VCID-8fr2-v728-cfcc
9
vulnerability VCID-8htk-33f4-4ufg
10
vulnerability VCID-8kwc-sxvr-skgp
11
vulnerability VCID-8mns-fyju-dqdr
12
vulnerability VCID-auzw-j1fc-jff8
13
vulnerability VCID-cnns-pjex-4ybt
14
vulnerability VCID-d6ez-jva8-hyag
15
vulnerability VCID-ez2q-xgz1-rkab
16
vulnerability VCID-fkct-tzwg-mkh8
17
vulnerability VCID-kdkp-1ucy-w3g1
18
vulnerability VCID-m3y5-xa6w-83b6
19
vulnerability VCID-nz1v-4hgs-6yge
20
vulnerability VCID-p52x-ese3-qkha
21
vulnerability VCID-qx3m-tcqj-ukc2
22
vulnerability VCID-r92s-4m4x-dqc7
23
vulnerability VCID-r94a-3fq2-efdg
24
vulnerability VCID-rfqz-nf3z-v3a3
25
vulnerability VCID-s61k-e43h-13b5
26
vulnerability VCID-skd6-gqh8-sbba
27
vulnerability VCID-t4kd-zjrn-kueu
28
vulnerability VCID-t79w-jeyp-suaw
29
vulnerability VCID-u37s-5nn4-wqbx
30
vulnerability VCID-uzry-ts4t-fbc8
31
vulnerability VCID-vnh3-bvyq-13d6
32
vulnerability VCID-vqke-p81x-sffn
33
vulnerability VCID-w1c4-c4xs-yba4
34
vulnerability VCID-w7nq-y9sx-nfcc
35
vulnerability VCID-wqg8-5kwe-vuem
36
vulnerability VCID-xqz3-k7ts-juck
37
vulnerability VCID-zbfc-s76k-gfgv
38
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.10
3
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-2uzw-pn14-p7a1
3
vulnerability VCID-39mg-y1k8-xbf9
4
vulnerability VCID-5887-pcyq-nkht
5
vulnerability VCID-7svn-u8ub-4faw
6
vulnerability VCID-88hx-kauy-4fcy
7
vulnerability VCID-8ec9-5qt4-duat
8
vulnerability VCID-8fr2-v728-cfcc
9
vulnerability VCID-8htk-33f4-4ufg
10
vulnerability VCID-8kwc-sxvr-skgp
11
vulnerability VCID-8mns-fyju-dqdr
12
vulnerability VCID-auzw-j1fc-jff8
13
vulnerability VCID-cnns-pjex-4ybt
14
vulnerability VCID-d6ez-jva8-hyag
15
vulnerability VCID-ez2q-xgz1-rkab
16
vulnerability VCID-fkct-tzwg-mkh8
17
vulnerability VCID-kdkp-1ucy-w3g1
18
vulnerability VCID-m3y5-xa6w-83b6
19
vulnerability VCID-nz1v-4hgs-6yge
20
vulnerability VCID-p52x-ese3-qkha
21
vulnerability VCID-qx3m-tcqj-ukc2
22
vulnerability VCID-r92s-4m4x-dqc7
23
vulnerability VCID-r94a-3fq2-efdg
24
vulnerability VCID-rfqz-nf3z-v3a3
25
vulnerability VCID-s61k-e43h-13b5
26
vulnerability VCID-skd6-gqh8-sbba
27
vulnerability VCID-t4kd-zjrn-kueu
28
vulnerability VCID-t79w-jeyp-suaw
29
vulnerability VCID-u37s-5nn4-wqbx
30
vulnerability VCID-uzry-ts4t-fbc8
31
vulnerability VCID-vnh3-bvyq-13d6
32
vulnerability VCID-vqke-p81x-sffn
33
vulnerability VCID-w1c4-c4xs-yba4
34
vulnerability VCID-w7nq-y9sx-nfcc
35
vulnerability VCID-wqg8-5kwe-vuem
36
vulnerability VCID-xqz3-k7ts-juck
37
vulnerability VCID-zbfc-s76k-gfgv
38
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11
4
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.0.pr1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.0.pr1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-1z31-s1cu-bbh4
3
vulnerability VCID-2uzw-pn14-p7a1
4
vulnerability VCID-314g-t8xy-5khg
5
vulnerability VCID-39mg-y1k8-xbf9
6
vulnerability VCID-5887-pcyq-nkht
7
vulnerability VCID-7svn-u8ub-4faw
8
vulnerability VCID-88hx-kauy-4fcy
9
vulnerability VCID-89dx-2s8k-mufw
10
vulnerability VCID-8ec9-5qt4-duat
11
vulnerability VCID-8fr2-v728-cfcc
12
vulnerability VCID-8htk-33f4-4ufg
13
vulnerability VCID-8kwc-sxvr-skgp
14
vulnerability VCID-8mns-fyju-dqdr
15
vulnerability VCID-auzw-j1fc-jff8
16
vulnerability VCID-c1uz-emh5-9fhe
17
vulnerability VCID-cnns-pjex-4ybt
18
vulnerability VCID-crra-28kn-mqab
19
vulnerability VCID-d6ez-jva8-hyag
20
vulnerability VCID-dd77-bpcr-zfam
21
vulnerability VCID-ez2q-xgz1-rkab
22
vulnerability VCID-fkct-tzwg-mkh8
23
vulnerability VCID-gxpn-pz3c-gugf
24
vulnerability VCID-kdkp-1ucy-w3g1
25
vulnerability VCID-m3y5-xa6w-83b6
26
vulnerability VCID-nz1v-4hgs-6yge
27
vulnerability VCID-p52x-ese3-qkha
28
vulnerability VCID-q6zd-khan-9yhj
29
vulnerability VCID-q7ye-13eq-vuhy
30
vulnerability VCID-qx3m-tcqj-ukc2
31
vulnerability VCID-r92s-4m4x-dqc7
32
vulnerability VCID-r94a-3fq2-efdg
33
vulnerability VCID-rfqz-nf3z-v3a3
34
vulnerability VCID-rsg7-5tup-4bd1
35
vulnerability VCID-s61k-e43h-13b5
36
vulnerability VCID-skd6-gqh8-sbba
37
vulnerability VCID-t4kd-zjrn-kueu
38
vulnerability VCID-t79w-jeyp-suaw
39
vulnerability VCID-u37s-5nn4-wqbx
40
vulnerability VCID-ujnp-2f3v-s3h3
41
vulnerability VCID-uzry-ts4t-fbc8
42
vulnerability VCID-vnh3-bvyq-13d6
43
vulnerability VCID-vqke-p81x-sffn
44
vulnerability VCID-w1c4-c4xs-yba4
45
vulnerability VCID-w5gg-jtut-qkcc
46
vulnerability VCID-w7nq-y9sx-nfcc
47
vulnerability VCID-wqg8-5kwe-vuem
48
vulnerability VCID-xqz3-k7ts-juck
49
vulnerability VCID-y3uj-myy6-kbha
50
vulnerability VCID-z9uf-p9w2-57fj
51
vulnerability VCID-zbfc-s76k-gfgv
52
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.0.pr1
5
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-1z31-s1cu-bbh4
3
vulnerability VCID-2uzw-pn14-p7a1
4
vulnerability VCID-314g-t8xy-5khg
5
vulnerability VCID-39mg-y1k8-xbf9
6
vulnerability VCID-5887-pcyq-nkht
7
vulnerability VCID-7svn-u8ub-4faw
8
vulnerability VCID-88hx-kauy-4fcy
9
vulnerability VCID-89dx-2s8k-mufw
10
vulnerability VCID-8ec9-5qt4-duat
11
vulnerability VCID-8fr2-v728-cfcc
12
vulnerability VCID-8htk-33f4-4ufg
13
vulnerability VCID-8kwc-sxvr-skgp
14
vulnerability VCID-8mns-fyju-dqdr
15
vulnerability VCID-auzw-j1fc-jff8
16
vulnerability VCID-c1uz-emh5-9fhe
17
vulnerability VCID-cnns-pjex-4ybt
18
vulnerability VCID-crra-28kn-mqab
19
vulnerability VCID-d6ez-jva8-hyag
20
vulnerability VCID-dd77-bpcr-zfam
21
vulnerability VCID-ez2q-xgz1-rkab
22
vulnerability VCID-fkct-tzwg-mkh8
23
vulnerability VCID-gxpn-pz3c-gugf
24
vulnerability VCID-kdkp-1ucy-w3g1
25
vulnerability VCID-m3y5-xa6w-83b6
26
vulnerability VCID-nz1v-4hgs-6yge
27
vulnerability VCID-p52x-ese3-qkha
28
vulnerability VCID-q6zd-khan-9yhj
29
vulnerability VCID-q7ye-13eq-vuhy
30
vulnerability VCID-qx3m-tcqj-ukc2
31
vulnerability VCID-r92s-4m4x-dqc7
32
vulnerability VCID-r94a-3fq2-efdg
33
vulnerability VCID-rfqz-nf3z-v3a3
34
vulnerability VCID-rsg7-5tup-4bd1
35
vulnerability VCID-s61k-e43h-13b5
36
vulnerability VCID-skd6-gqh8-sbba
37
vulnerability VCID-t4kd-zjrn-kueu
38
vulnerability VCID-t79w-jeyp-suaw
39
vulnerability VCID-u37s-5nn4-wqbx
40
vulnerability VCID-ujnp-2f3v-s3h3
41
vulnerability VCID-uzry-ts4t-fbc8
42
vulnerability VCID-vnh3-bvyq-13d6
43
vulnerability VCID-vqke-p81x-sffn
44
vulnerability VCID-w1c4-c4xs-yba4
45
vulnerability VCID-w5gg-jtut-qkcc
46
vulnerability VCID-w7nq-y9sx-nfcc
47
vulnerability VCID-wqg8-5kwe-vuem
48
vulnerability VCID-xqz3-k7ts-juck
49
vulnerability VCID-y3uj-myy6-kbha
50
vulnerability VCID-z9uf-p9w2-57fj
51
vulnerability VCID-zbfc-s76k-gfgv
52
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1
6
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-1z31-s1cu-bbh4
3
vulnerability VCID-2uzw-pn14-p7a1
4
vulnerability VCID-314g-t8xy-5khg
5
vulnerability VCID-39mg-y1k8-xbf9
6
vulnerability VCID-5887-pcyq-nkht
7
vulnerability VCID-7svn-u8ub-4faw
8
vulnerability VCID-88hx-kauy-4fcy
9
vulnerability VCID-89dx-2s8k-mufw
10
vulnerability VCID-8fr2-v728-cfcc
11
vulnerability VCID-8htk-33f4-4ufg
12
vulnerability VCID-8kwc-sxvr-skgp
13
vulnerability VCID-8mns-fyju-dqdr
14
vulnerability VCID-auzw-j1fc-jff8
15
vulnerability VCID-c1uz-emh5-9fhe
16
vulnerability VCID-cnns-pjex-4ybt
17
vulnerability VCID-crra-28kn-mqab
18
vulnerability VCID-d6ez-jva8-hyag
19
vulnerability VCID-dd77-bpcr-zfam
20
vulnerability VCID-ez2q-xgz1-rkab
21
vulnerability VCID-fkct-tzwg-mkh8
22
vulnerability VCID-gxpn-pz3c-gugf
23
vulnerability VCID-kdkp-1ucy-w3g1
24
vulnerability VCID-m3y5-xa6w-83b6
25
vulnerability VCID-nz1v-4hgs-6yge
26
vulnerability VCID-p52x-ese3-qkha
27
vulnerability VCID-q6zd-khan-9yhj
28
vulnerability VCID-q7ye-13eq-vuhy
29
vulnerability VCID-qx3m-tcqj-ukc2
30
vulnerability VCID-r92s-4m4x-dqc7
31
vulnerability VCID-r94a-3fq2-efdg
32
vulnerability VCID-rfqz-nf3z-v3a3
33
vulnerability VCID-rsg7-5tup-4bd1
34
vulnerability VCID-s61k-e43h-13b5
35
vulnerability VCID-skd6-gqh8-sbba
36
vulnerability VCID-t4kd-zjrn-kueu
37
vulnerability VCID-t79w-jeyp-suaw
38
vulnerability VCID-u37s-5nn4-wqbx
39
vulnerability VCID-ujnp-2f3v-s3h3
40
vulnerability VCID-uzry-ts4t-fbc8
41
vulnerability VCID-vnh3-bvyq-13d6
42
vulnerability VCID-vqke-p81x-sffn
43
vulnerability VCID-w1c4-c4xs-yba4
44
vulnerability VCID-w5gg-jtut-qkcc
45
vulnerability VCID-w7nq-y9sx-nfcc
46
vulnerability VCID-wqg8-5kwe-vuem
47
vulnerability VCID-xqz3-k7ts-juck
48
vulnerability VCID-y3uj-myy6-kbha
49
vulnerability VCID-z9uf-p9w2-57fj
50
vulnerability VCID-zbfc-s76k-gfgv
51
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4
aliases CVE-2017-15095, GHSA-h592-38cm-4ggp
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfky-edec-13gw
25
url VCID-uzry-ts4t-fbc8
vulnerability_id VCID-uzry-ts4t-fbc8
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20330.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20330.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-20330
reference_id
reference_type
scores
0
value 0.01914
scoring_system epss
scoring_elements 0.83662
published_at 2026-06-05T12:55:00Z
1
value 0.01914
scoring_system epss
scoring_elements 0.83637
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-20330
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/eb254813cc822d0af015ce8fe05febf50721dc53
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/eb254813cc822d0af015ce8fe05febf50721dc53
6
reference_url https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e
7
reference_url https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2
8
reference_url https://github.com/FasterXML/jackson-databind/issues/2526
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2526
9
reference_url https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E
34
reference_url https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html
35
reference_url https://security.netapp.com/advisory/ntap-20200127-0004
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200127-0004
36
reference_url https://security.netapp.com/advisory/ntap-20200127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200127-0004/
37
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
38
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
39
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
40
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
41
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1793154
reference_id 1793154
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1793154
42
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-20330
reference_id CVE-2019-20330
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-20330
43
reference_url https://github.com/advisories/GHSA-gww7-p5w4-wrfv
reference_id GHSA-gww7-p5w4-wrfv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gww7-p5w4-wrfv
44
reference_url https://access.redhat.com/errata/RHSA-2020:0939
reference_id RHSA-2020:0939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0939
45
reference_url https://access.redhat.com/errata/RHSA-2020:0951
reference_id RHSA-2020:0951
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0951
46
reference_url https://access.redhat.com/errata/RHSA-2020:1644
reference_id RHSA-2020:1644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1644
47
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
48
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
49
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
50
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
51
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
52
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.4
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-5887-pcyq-nkht
2
vulnerability VCID-88hx-kauy-4fcy
3
vulnerability VCID-8ec9-5qt4-duat
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-ez2q-xgz1-rkab
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-kdkp-1ucy-w3g1
12
vulnerability VCID-m3y5-xa6w-83b6
13
vulnerability VCID-nz1v-4hgs-6yge
14
vulnerability VCID-qx3m-tcqj-ukc2
15
vulnerability VCID-r92s-4m4x-dqc7
16
vulnerability VCID-r94a-3fq2-efdg
17
vulnerability VCID-rfqz-nf3z-v3a3
18
vulnerability VCID-s61k-e43h-13b5
19
vulnerability VCID-skd6-gqh8-sbba
20
vulnerability VCID-tfky-edec-13gw
21
vulnerability VCID-uzry-ts4t-fbc8
22
vulnerability VCID-vnh3-bvyq-13d6
23
vulnerability VCID-vqke-p81x-sffn
24
vulnerability VCID-w1c4-c4xs-yba4
25
vulnerability VCID-w7nq-y9sx-nfcc
26
vulnerability VCID-xqz3-k7ts-juck
27
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.4
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-88hx-kauy-4fcy
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-nz1v-4hgs-6yge
11
vulnerability VCID-qx3m-tcqj-ukc2
12
vulnerability VCID-r92s-4m4x-dqc7
13
vulnerability VCID-r94a-3fq2-efdg
14
vulnerability VCID-rfqz-nf3z-v3a3
15
vulnerability VCID-s61k-e43h-13b5
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-t4kd-zjrn-kueu
18
vulnerability VCID-t79w-jeyp-suaw
19
vulnerability VCID-u37s-5nn4-wqbx
20
vulnerability VCID-uzry-ts4t-fbc8
21
vulnerability VCID-vnh3-bvyq-13d6
22
vulnerability VCID-vqke-p81x-sffn
23
vulnerability VCID-w1c4-c4xs-yba4
24
vulnerability VCID-w7nq-y9sx-nfcc
25
vulnerability VCID-wqg8-5kwe-vuem
26
vulnerability VCID-xqz3-k7ts-juck
27
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-88hx-kauy-4fcy
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-nz1v-4hgs-6yge
11
vulnerability VCID-qx3m-tcqj-ukc2
12
vulnerability VCID-r92s-4m4x-dqc7
13
vulnerability VCID-r94a-3fq2-efdg
14
vulnerability VCID-rfqz-nf3z-v3a3
15
vulnerability VCID-s61k-e43h-13b5
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-t79w-jeyp-suaw
18
vulnerability VCID-u37s-5nn4-wqbx
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-wqg8-5kwe-vuem
24
vulnerability VCID-xqz3-k7ts-juck
25
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
3
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.2
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z31-s1cu-bbh4
1
vulnerability VCID-314g-t8xy-5khg
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-89dx-2s8k-mufw
5
vulnerability VCID-8fr2-v728-cfcc
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-c1uz-emh5-9fhe
8
vulnerability VCID-crra-28kn-mqab
9
vulnerability VCID-dd77-bpcr-zfam
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-gxpn-pz3c-gugf
12
vulnerability VCID-nz1v-4hgs-6yge
13
vulnerability VCID-q6zd-khan-9yhj
14
vulnerability VCID-q7ye-13eq-vuhy
15
vulnerability VCID-qx3m-tcqj-ukc2
16
vulnerability VCID-r92s-4m4x-dqc7
17
vulnerability VCID-r94a-3fq2-efdg
18
vulnerability VCID-rfqz-nf3z-v3a3
19
vulnerability VCID-rsg7-5tup-4bd1
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-ujnp-2f3v-s3h3
23
vulnerability VCID-vnh3-bvyq-13d6
24
vulnerability VCID-w1c4-c4xs-yba4
25
vulnerability VCID-w5gg-jtut-qkcc
26
vulnerability VCID-xqz3-k7ts-juck
27
vulnerability VCID-y3uj-myy6-kbha
28
vulnerability VCID-z9uf-p9w2-57fj
29
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.2
aliases CVE-2019-20330, GHSA-gww7-p5w4-wrfv
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uzry-ts4t-fbc8
26
url VCID-vnh3-bvyq-13d6
vulnerability_id VCID-vnh3-bvyq-13d6
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.`
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35490
reference_id
reference_type
scores
0
value 0.04249
scoring_system epss
scoring_elements 0.89004
published_at 2026-06-05T12:55:00Z
1
value 0.04249
scoring_system epss
scoring_elements 0.88986
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35490
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2986
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2986
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210122-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210122-0005
9
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
10
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
12
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1909266
reference_id 1909266
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1909266
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35490
reference_id CVE-2020-35490
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35490
17
reference_url https://github.com/advisories/GHSA-wh8g-3j2c-rqj5
reference_id GHSA-wh8g-3j2c-rqj5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wh8g-3j2c-rqj5
18
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
19
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fr2-v728-cfcc
1
vulnerability VCID-r94a-3fq2-efdg
2
vulnerability VCID-w1c4-c4xs-yba4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-35490, GHSA-wh8g-3j2c-rqj5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vnh3-bvyq-13d6
27
url VCID-vqke-p81x-sffn
vulnerability_id VCID-vqke-p81x-sffn
summary 
Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind. It is related to `com.zaxxer.hikari.HikariDataSource`. This is a different vulnerability than CVE-2019-14540.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3200
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3200
1
reference_url https://access.redhat.com/errata/RHSA-2020:0159
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0159
2
reference_url https://access.redhat.com/errata/RHSA-2020:0160
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0160
3
reference_url https://access.redhat.com/errata/RHSA-2020:0161
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0161
4
reference_url https://access.redhat.com/errata/RHSA-2020:0164
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0164
5
reference_url https://access.redhat.com/errata/RHSA-2020:0445
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0445
6
reference_url https://access.redhat.com/errata/RHSA-2020:0729
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0729
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16335.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16335.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16335
reference_id
reference_type
scores
0
value 0.00669
scoring_system epss
scoring_elements 0.71734
published_at 2026-06-05T12:55:00Z
1
value 0.00669
scoring_system epss
scoring_elements 0.71693
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16335
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
15
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
16
reference_url https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db
17
reference_url https://github.com/FasterXML/jackson-databind/issues/2449
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2449
18
reference_url https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
31
reference_url https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
36
reference_url https://seclists.org/bugtraq/2019/Oct/6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Oct/6
37
reference_url https://security.netapp.com/advisory/ntap-20191004-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191004-0002
38
reference_url https://security.netapp.com/advisory/ntap-20191004-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191004-0002/
39
reference_url https://www.debian.org/security/2019/dsa-4542
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4542
40
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
41
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
42
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
43
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
44
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
45
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1755831
reference_id 1755831
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1755831
46
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498
reference_id 940498
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498
47
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16335
reference_id CVE-2019-16335
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16335
48
reference_url https://github.com/advisories/GHSA-85cw-hj65-qqv9
reference_id GHSA-85cw-hj65-qqv9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-85cw-hj65-qqv9
49
reference_url https://access.redhat.com/errata/RHSA-2020:0895
reference_id RHSA-2020:0895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0895
50
reference_url https://access.redhat.com/errata/RHSA-2020:0899
reference_id RHSA-2020:0899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0899
51
reference_url https://access.redhat.com/errata/RHSA-2020:1644
reference_id RHSA-2020:1644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1644
52
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
53
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
54
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
55
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8ec9-5qt4-duat
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-cnns-pjex-4ybt
11
vulnerability VCID-ez2q-xgz1-rkab
12
vulnerability VCID-fkct-tzwg-mkh8
13
vulnerability VCID-kdkp-1ucy-w3g1
14
vulnerability VCID-m3y5-xa6w-83b6
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-qx3m-tcqj-ukc2
17
vulnerability VCID-r92s-4m4x-dqc7
18
vulnerability VCID-r94a-3fq2-efdg
19
vulnerability VCID-rfqz-nf3z-v3a3
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-tfky-edec-13gw
23
vulnerability VCID-ujnp-2f3v-s3h3
24
vulnerability VCID-uzry-ts4t-fbc8
25
vulnerability VCID-vnh3-bvyq-13d6
26
vulnerability VCID-vqke-p81x-sffn
27
vulnerability VCID-w1c4-c4xs-yba4
28
vulnerability VCID-w7nq-y9sx-nfcc
29
vulnerability VCID-xqz3-k7ts-juck
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-88hx-kauy-4fcy
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-nz1v-4hgs-6yge
11
vulnerability VCID-qx3m-tcqj-ukc2
12
vulnerability VCID-r92s-4m4x-dqc7
13
vulnerability VCID-r94a-3fq2-efdg
14
vulnerability VCID-rfqz-nf3z-v3a3
15
vulnerability VCID-s61k-e43h-13b5
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-t79w-jeyp-suaw
18
vulnerability VCID-u37s-5nn4-wqbx
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-wqg8-5kwe-vuem
24
vulnerability VCID-xqz3-k7ts-juck
25
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-314g-t8xy-5khg
3
vulnerability VCID-5887-pcyq-nkht
4
vulnerability VCID-7svn-u8ub-4faw
5
vulnerability VCID-89dx-2s8k-mufw
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-c1uz-emh5-9fhe
11
vulnerability VCID-crra-28kn-mqab
12
vulnerability VCID-dd77-bpcr-zfam
13
vulnerability VCID-fkct-tzwg-mkh8
14
vulnerability VCID-gxpn-pz3c-gugf
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-q6zd-khan-9yhj
17
vulnerability VCID-q7ye-13eq-vuhy
18
vulnerability VCID-qx3m-tcqj-ukc2
19
vulnerability VCID-r92s-4m4x-dqc7
20
vulnerability VCID-r94a-3fq2-efdg
21
vulnerability VCID-rfqz-nf3z-v3a3
22
vulnerability VCID-rsg7-5tup-4bd1
23
vulnerability VCID-s61k-e43h-13b5
24
vulnerability VCID-skd6-gqh8-sbba
25
vulnerability VCID-ujnp-2f3v-s3h3
26
vulnerability VCID-uzry-ts4t-fbc8
27
vulnerability VCID-vnh3-bvyq-13d6
28
vulnerability VCID-w1c4-c4xs-yba4
29
vulnerability VCID-w5gg-jtut-qkcc
30
vulnerability VCID-xqz3-k7ts-juck
31
vulnerability VCID-y3uj-myy6-kbha
32
vulnerability VCID-z9uf-p9w2-57fj
33
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
aliases CVE-2019-16335, GHSA-85cw-hj65-qqv9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqke-p81x-sffn
28
url VCID-w1c4-c4xs-yba4
vulnerability_id VCID-w1c4-c4xs-yba4
summary In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42004
reference_id
reference_type
scores
0
value 0.0025
scoring_system epss
scoring_elements 0.48467
published_at 2026-06-04T12:55:00Z
1
value 0.0025
scoring_system epss
scoring_elements 0.48529
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42004
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
8
reference_url https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
9
reference_url https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1
10
reference_url https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252
11
reference_url https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea
12
reference_url https://github.com/FasterXML/jackson-databind/issues/3582
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/3582
13
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42004
15
reference_url https://security.gentoo.org/glsa/202210-21
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202210-21
16
reference_url https://security.netapp.com/advisory/ntap-20221118-0008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221118-0008
17
reference_url https://www.debian.org/security/2022/dsa-5283
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5283
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135247
reference_id 2135247
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135247
19
reference_url https://github.com/advisories/GHSA-rgv9-q543-rqg4
reference_id GHSA-rgv9-q543-rqg4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rgv9-q543-rqg4
20
reference_url https://access.redhat.com/errata/RHSA-2022:7435
reference_id RHSA-2022:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7435
21
reference_url https://access.redhat.com/errata/RHSA-2022:8781
reference_id RHSA-2022:8781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8781
22
reference_url https://access.redhat.com/errata/RHSA-2022:8876
reference_id RHSA-2022:8876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8876
23
reference_url https://access.redhat.com/errata/RHSA-2022:8889
reference_id RHSA-2022:8889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8889
24
reference_url https://access.redhat.com/errata/RHSA-2022:9023
reference_id RHSA-2022:9023
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9023
25
reference_url https://access.redhat.com/errata/RHSA-2022:9032
reference_id RHSA-2022:9032
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9032
26
reference_url https://access.redhat.com/errata/RHSA-2023:0189
reference_id RHSA-2023:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0189
27
reference_url https://access.redhat.com/errata/RHSA-2023:0264
reference_id RHSA-2023:0264
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0264
28
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
29
reference_url https://access.redhat.com/errata/RHSA-2023:0471
reference_id RHSA-2023:0471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0471
30
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
31
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
32
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
33
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
34
reference_url https://access.redhat.com/errata/RHSA-2023:0713
reference_id RHSA-2023:0713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0713
35
reference_url https://access.redhat.com/errata/RHSA-2023:1006
reference_id RHSA-2023:1006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1006
36
reference_url https://access.redhat.com/errata/RHSA-2023:1064
reference_id RHSA-2023:1064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1064
37
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
38
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
39
reference_url https://access.redhat.com/errata/RHSA-2023:2135
reference_id RHSA-2023:2135
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2135
40
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
41
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
42
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
43
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
44
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r94a-3fq2-efdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4
aliases CVE-2022-42004, GHSA-rgv9-q543-rqg4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w1c4-c4xs-yba4
29
url VCID-w7nq-y9sx-nfcc
vulnerability_id VCID-w7nq-y9sx-nfcc
summary 
Improper Input Validation
Fasterxml Jackson does not properly validate user input leading to a DoS. Specifically, deserializing malicious input of very large values in the nanoseconds field of a time value.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000873.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000873.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000873
reference_id
reference_type
scores
0
value 0.02189
scoring_system epss
scoring_elements 0.84691
published_at 2026-06-04T12:55:00Z
1
value 0.02189
scoring_system epss
scoring_elements 0.84715
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000873
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1665601
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1665601
3
reference_url https://github.com/FasterXML/jackson-modules-java8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-modules-java8
4
reference_url https://github.com/FasterXML/jackson-modules-java8/issues/90
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-modules-java8/issues/90
5
reference_url https://github.com/FasterXML/jackson-modules-java8/pull/87
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-modules-java8/pull/87
6
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
12
reference_url https://security.netapp.com/advisory/ntap-20200904-0004
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200904-0004
13
reference_url https://security.netapp.com/advisory/ntap-20200904-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200904-0004/
14
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
16
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
17
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000873
reference_id CVE-2018-1000873
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000873
19
reference_url https://github.com/advisories/GHSA-h4x4-5qp2-wp46
reference_id GHSA-h4x4-5qp2-wp46
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h4x4-5qp2-wp46
20
reference_url https://access.redhat.com/errata/RHSA-2020:5568
reference_id RHSA-2020:5568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5568
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-314g-t8xy-5khg
3
vulnerability VCID-5887-pcyq-nkht
4
vulnerability VCID-7svn-u8ub-4faw
5
vulnerability VCID-88hx-kauy-4fcy
6
vulnerability VCID-89dx-2s8k-mufw
7
vulnerability VCID-8fr2-v728-cfcc
8
vulnerability VCID-8htk-33f4-4ufg
9
vulnerability VCID-8kwc-sxvr-skgp
10
vulnerability VCID-auzw-j1fc-jff8
11
vulnerability VCID-c1uz-emh5-9fhe
12
vulnerability VCID-cnns-pjex-4ybt
13
vulnerability VCID-crra-28kn-mqab
14
vulnerability VCID-dd77-bpcr-zfam
15
vulnerability VCID-fkct-tzwg-mkh8
16
vulnerability VCID-gxpn-pz3c-gugf
17
vulnerability VCID-nz1v-4hgs-6yge
18
vulnerability VCID-p52x-ese3-qkha
19
vulnerability VCID-q6zd-khan-9yhj
20
vulnerability VCID-q7ye-13eq-vuhy
21
vulnerability VCID-qx3m-tcqj-ukc2
22
vulnerability VCID-r92s-4m4x-dqc7
23
vulnerability VCID-r94a-3fq2-efdg
24
vulnerability VCID-rfqz-nf3z-v3a3
25
vulnerability VCID-rsg7-5tup-4bd1
26
vulnerability VCID-s61k-e43h-13b5
27
vulnerability VCID-skd6-gqh8-sbba
28
vulnerability VCID-t4kd-zjrn-kueu
29
vulnerability VCID-ujnp-2f3v-s3h3
30
vulnerability VCID-uzry-ts4t-fbc8
31
vulnerability VCID-vnh3-bvyq-13d6
32
vulnerability VCID-vqke-p81x-sffn
33
vulnerability VCID-w1c4-c4xs-yba4
34
vulnerability VCID-w5gg-jtut-qkcc
35
vulnerability VCID-xqz3-k7ts-juck
36
vulnerability VCID-y3uj-myy6-kbha
37
vulnerability VCID-z9uf-p9w2-57fj
38
vulnerability VCID-zbfc-s76k-gfgv
39
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
aliases CVE-2018-1000873, GHSA-h4x4-5qp2-wp46
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7nq-y9sx-nfcc
30
url VCID-wqg8-5kwe-vuem
vulnerability_id VCID-wqg8-5kwe-vuem
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind might allow remote attackers to execute arbitrary code by leveraging failure to block the `slf4j-ext` class from polymorphic deserialization.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0959
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0959
1
reference_url https://access.redhat.com/errata/RHSA-2019:0782
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0782
2
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
3
reference_url https://access.redhat.com/errata/RHSA-2019:1782
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1782
4
reference_url https://access.redhat.com/errata/RHSA-2019:1797
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1797
5
reference_url https://access.redhat.com/errata/RHSA-2019:1822
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1822
6
reference_url https://access.redhat.com/errata/RHSA-2019:1823
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1823
7
reference_url https://access.redhat.com/errata/RHSA-2019:2804
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2804
8
reference_url https://access.redhat.com/errata/RHSA-2019:2858
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2858
9
reference_url https://access.redhat.com/errata/RHSA-2019:3002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3002
10
reference_url https://access.redhat.com/errata/RHSA-2019:3140
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3140
11
reference_url https://access.redhat.com/errata/RHSA-2019:3149
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3149
12
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3892
13
reference_url https://access.redhat.com/errata/RHSA-2019:4037
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4037
14
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14718.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14718.json
15
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14718
reference_id
reference_type
scores
0
value 0.14845
scoring_system epss
scoring_elements 0.94651
published_at 2026-06-05T12:55:00Z
1
value 0.14845
scoring_system epss
scoring_elements 0.94643
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14718
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
25
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
26
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
27
reference_url https://github.com/advisories/GHSA-645p-88qh-w398
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-645p-88qh-w398
28
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
29
reference_url https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
30
reference_url https://github.com/FasterXML/jackson-databind/issues/2097
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2097
31
reference_url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7
32
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
39
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html
40
reference_url https://seclists.org/bugtraq/2019/May/68
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/68
41
reference_url https://security.netapp.com/advisory/ntap-20190530-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190530-0003
42
reference_url https://security.netapp.com/advisory/ntap-20190530-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190530-0003/
43
reference_url https://www.debian.org/security/2019/dsa-4452
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4452
44
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
45
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
46
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
47
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
48
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
49
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
50
reference_url http://www.securityfocus.com/bid/106601
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106601
51
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1666415
reference_id 1666415
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1666415
52
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14718
reference_id CVE-2018-14718
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14718
53
reference_url https://access.redhat.com/errata/RHSA-2020:2564
reference_id RHSA-2020:2564
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2564
54
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
55
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
56
reference_url https://usn.ubuntu.com/USN-4813-1/
reference_id USN-USN-4813-1
reference_type
scores
url https://usn.ubuntu.com/USN-4813-1/
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-1z31-s1cu-bbh4
3
vulnerability VCID-5887-pcyq-nkht
4
vulnerability VCID-7svn-u8ub-4faw
5
vulnerability VCID-88hx-kauy-4fcy
6
vulnerability VCID-8ec9-5qt4-duat
7
vulnerability VCID-8fr2-v728-cfcc
8
vulnerability VCID-8htk-33f4-4ufg
9
vulnerability VCID-8kwc-sxvr-skgp
10
vulnerability VCID-8mns-fyju-dqdr
11
vulnerability VCID-auzw-j1fc-jff8
12
vulnerability VCID-cnns-pjex-4ybt
13
vulnerability VCID-d6ez-jva8-hyag
14
vulnerability VCID-ez2q-xgz1-rkab
15
vulnerability VCID-fkct-tzwg-mkh8
16
vulnerability VCID-kdkp-1ucy-w3g1
17
vulnerability VCID-m3y5-xa6w-83b6
18
vulnerability VCID-nz1v-4hgs-6yge
19
vulnerability VCID-qx3m-tcqj-ukc2
20
vulnerability VCID-r92s-4m4x-dqc7
21
vulnerability VCID-r94a-3fq2-efdg
22
vulnerability VCID-rfqz-nf3z-v3a3
23
vulnerability VCID-s61k-e43h-13b5
24
vulnerability VCID-skd6-gqh8-sbba
25
vulnerability VCID-t4kd-zjrn-kueu
26
vulnerability VCID-tfky-edec-13gw
27
vulnerability VCID-ujnp-2f3v-s3h3
28
vulnerability VCID-uzry-ts4t-fbc8
29
vulnerability VCID-vnh3-bvyq-13d6
30
vulnerability VCID-vqke-p81x-sffn
31
vulnerability VCID-w1c4-c4xs-yba4
32
vulnerability VCID-w7nq-y9sx-nfcc
33
vulnerability VCID-wqg8-5kwe-vuem
34
vulnerability VCID-xqz3-k7ts-juck
35
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8ec9-5qt4-duat
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-cnns-pjex-4ybt
11
vulnerability VCID-ez2q-xgz1-rkab
12
vulnerability VCID-fkct-tzwg-mkh8
13
vulnerability VCID-kdkp-1ucy-w3g1
14
vulnerability VCID-m3y5-xa6w-83b6
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-qx3m-tcqj-ukc2
17
vulnerability VCID-r92s-4m4x-dqc7
18
vulnerability VCID-r94a-3fq2-efdg
19
vulnerability VCID-rfqz-nf3z-v3a3
20
vulnerability VCID-s61k-e43h-13b5
21
vulnerability VCID-skd6-gqh8-sbba
22
vulnerability VCID-tfky-edec-13gw
23
vulnerability VCID-ujnp-2f3v-s3h3
24
vulnerability VCID-uzry-ts4t-fbc8
25
vulnerability VCID-vnh3-bvyq-13d6
26
vulnerability VCID-vqke-p81x-sffn
27
vulnerability VCID-w1c4-c4xs-yba4
28
vulnerability VCID-w7nq-y9sx-nfcc
29
vulnerability VCID-xqz3-k7ts-juck
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8fr2-v728-cfcc
6
vulnerability VCID-8htk-33f4-4ufg
7
vulnerability VCID-8kwc-sxvr-skgp
8
vulnerability VCID-auzw-j1fc-jff8
9
vulnerability VCID-cnns-pjex-4ybt
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-nz1v-4hgs-6yge
12
vulnerability VCID-p52x-ese3-qkha
13
vulnerability VCID-qx3m-tcqj-ukc2
14
vulnerability VCID-r92s-4m4x-dqc7
15
vulnerability VCID-r94a-3fq2-efdg
16
vulnerability VCID-rfqz-nf3z-v3a3
17
vulnerability VCID-s61k-e43h-13b5
18
vulnerability VCID-skd6-gqh8-sbba
19
vulnerability VCID-t4kd-zjrn-kueu
20
vulnerability VCID-t79w-jeyp-suaw
21
vulnerability VCID-u37s-5nn4-wqbx
22
vulnerability VCID-uzry-ts4t-fbc8
23
vulnerability VCID-vnh3-bvyq-13d6
24
vulnerability VCID-vqke-p81x-sffn
25
vulnerability VCID-w1c4-c4xs-yba4
26
vulnerability VCID-w7nq-y9sx-nfcc
27
vulnerability VCID-wqg8-5kwe-vuem
28
vulnerability VCID-xqz3-k7ts-juck
29
vulnerability VCID-zbfc-s76k-gfgv
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
3
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-7svn-u8ub-4faw
4
vulnerability VCID-88hx-kauy-4fcy
5
vulnerability VCID-8fr2-v728-cfcc
6
vulnerability VCID-8htk-33f4-4ufg
7
vulnerability VCID-8kwc-sxvr-skgp
8
vulnerability VCID-auzw-j1fc-jff8
9
vulnerability VCID-cnns-pjex-4ybt
10
vulnerability VCID-fkct-tzwg-mkh8
11
vulnerability VCID-nz1v-4hgs-6yge
12
vulnerability VCID-p52x-ese3-qkha
13
vulnerability VCID-qx3m-tcqj-ukc2
14
vulnerability VCID-r92s-4m4x-dqc7
15
vulnerability VCID-r94a-3fq2-efdg
16
vulnerability VCID-rfqz-nf3z-v3a3
17
vulnerability VCID-s61k-e43h-13b5
18
vulnerability VCID-skd6-gqh8-sbba
19
vulnerability VCID-t4kd-zjrn-kueu
20
vulnerability VCID-t79w-jeyp-suaw
21
vulnerability VCID-u37s-5nn4-wqbx
22
vulnerability VCID-uzry-ts4t-fbc8
23
vulnerability VCID-vnh3-bvyq-13d6
24
vulnerability VCID-vqke-p81x-sffn
25
vulnerability VCID-w1c4-c4xs-yba4
26
vulnerability VCID-w7nq-y9sx-nfcc
27
vulnerability VCID-wqg8-5kwe-vuem
28
vulnerability VCID-xqz3-k7ts-juck
29
vulnerability VCID-zbfc-s76k-gfgv
30
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
4
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-1z31-s1cu-bbh4
3
vulnerability VCID-314g-t8xy-5khg
4
vulnerability VCID-5887-pcyq-nkht
5
vulnerability VCID-7svn-u8ub-4faw
6
vulnerability VCID-88hx-kauy-4fcy
7
vulnerability VCID-89dx-2s8k-mufw
8
vulnerability VCID-8fr2-v728-cfcc
9
vulnerability VCID-8htk-33f4-4ufg
10
vulnerability VCID-8kwc-sxvr-skgp
11
vulnerability VCID-8mns-fyju-dqdr
12
vulnerability VCID-auzw-j1fc-jff8
13
vulnerability VCID-c1uz-emh5-9fhe
14
vulnerability VCID-cnns-pjex-4ybt
15
vulnerability VCID-crra-28kn-mqab
16
vulnerability VCID-d6ez-jva8-hyag
17
vulnerability VCID-dd77-bpcr-zfam
18
vulnerability VCID-fkct-tzwg-mkh8
19
vulnerability VCID-gxpn-pz3c-gugf
20
vulnerability VCID-nz1v-4hgs-6yge
21
vulnerability VCID-p52x-ese3-qkha
22
vulnerability VCID-q6zd-khan-9yhj
23
vulnerability VCID-q7ye-13eq-vuhy
24
vulnerability VCID-qx3m-tcqj-ukc2
25
vulnerability VCID-r92s-4m4x-dqc7
26
vulnerability VCID-r94a-3fq2-efdg
27
vulnerability VCID-rfqz-nf3z-v3a3
28
vulnerability VCID-rsg7-5tup-4bd1
29
vulnerability VCID-s61k-e43h-13b5
30
vulnerability VCID-skd6-gqh8-sbba
31
vulnerability VCID-t4kd-zjrn-kueu
32
vulnerability VCID-ujnp-2f3v-s3h3
33
vulnerability VCID-uzry-ts4t-fbc8
34
vulnerability VCID-vnh3-bvyq-13d6
35
vulnerability VCID-vqke-p81x-sffn
36
vulnerability VCID-w1c4-c4xs-yba4
37
vulnerability VCID-w5gg-jtut-qkcc
38
vulnerability VCID-w7nq-y9sx-nfcc
39
vulnerability VCID-xqz3-k7ts-juck
40
vulnerability VCID-y3uj-myy6-kbha
41
vulnerability VCID-z9uf-p9w2-57fj
42
vulnerability VCID-zbfc-s76k-gfgv
43
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7
aliases CVE-2018-14718, GHSA-645p-88qh-w398
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqg8-5kwe-vuem
31
url VCID-xqz3-k7ts-juck
vulnerability_id VCID-xqz3-k7ts-juck
summary 
Code Injection in jackson-databind
This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24616.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24616.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24616
reference_id
reference_type
scores
0
value 0.02908
scoring_system epss
scoring_elements 0.86653
published_at 2026-06-05T12:55:00Z
1
value 0.02908
scoring_system epss
scoring_elements 0.8663
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24616
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616
3
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
4
reference_url https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7
5
reference_url https://github.com/FasterXML/jackson-databind/issues/2814
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2814
6
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
7
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
8
reference_url https://security.netapp.com/advisory/ntap-20200904-0006
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200904-0006
9
reference_url https://security.netapp.com/advisory/ntap-20200904-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200904-0006/
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
14
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1872707
reference_id 1872707
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1872707
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24616
reference_id CVE-2020-24616
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-24616
18
reference_url https://github.com/advisories/GHSA-h3cw-g4mq-c5x2
reference_id GHSA-h3cw-g4mq-c5x2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h3cw-g4mq-c5x2
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z31-s1cu-bbh4
1
vulnerability VCID-5887-pcyq-nkht
2
vulnerability VCID-8fr2-v728-cfcc
3
vulnerability VCID-8kwc-sxvr-skgp
4
vulnerability VCID-fkct-tzwg-mkh8
5
vulnerability VCID-nz1v-4hgs-6yge
6
vulnerability VCID-qx3m-tcqj-ukc2
7
vulnerability VCID-r92s-4m4x-dqc7
8
vulnerability VCID-r94a-3fq2-efdg
9
vulnerability VCID-rfqz-nf3z-v3a3
10
vulnerability VCID-vnh3-bvyq-13d6
11
vulnerability VCID-w1c4-c4xs-yba4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6
aliases CVE-2020-24616, GHSA-h3cw-g4mq-c5x2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xqz3-k7ts-juck
32
url VCID-zm3q-aquc-pqg7
vulnerability_id VCID-zm3q-aquc-pqg7
summary 
Deserialization of Untrusted Data
A flaw was discovered in FasterXML jackson-databind that permits polymorphic deserialization of malicious objects. Specifically when the xalan JNDI gadget is used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()`. The gadget may also be combined with `@JsonTypeInfo` when it is using `Id.CLASS` or `Id.MINIMAL_CLASS`, or in any other way which `ObjectMapper.readValue` might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0729
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0729
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14893.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14893.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14893
reference_id
reference_type
scores
0
value 0.00983
scoring_system epss
scoring_elements 0.7718
published_at 2026-06-05T12:55:00Z
1
value 0.00983
scoring_system epss
scoring_elements 0.77148
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14893
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893
5
reference_url https://github.com/FasterXML/jackson-databind/commit/998efd708284778f29d83d7962a9bd935c228317
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/998efd708284778f29d83d7962a9bd935c228317
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2469
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2469
7
reference_url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
9
reference_url https://security.netapp.com/advisory/ntap-20200327-0006
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200327-0006
10
reference_url https://security.netapp.com/advisory/ntap-20200327-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200327-0006/
11
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
12
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1758182
reference_id 1758182
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1758182
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14893
reference_id CVE-2019-14893
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14893
15
reference_url https://github.com/advisories/GHSA-qmqc-x3r4-6v39
reference_id GHSA-qmqc-x3r4-6v39
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qmqc-x3r4-6v39
16
reference_url https://access.redhat.com/errata/RHSA-2020:0895
reference_id RHSA-2020:0895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0895
17
reference_url https://access.redhat.com/errata/RHSA-2020:0899
reference_id RHSA-2020:0899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0899
18
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
19
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
20
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-39mg-y1k8-xbf9
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-88hx-kauy-4fcy
4
vulnerability VCID-8fr2-v728-cfcc
5
vulnerability VCID-8htk-33f4-4ufg
6
vulnerability VCID-8kwc-sxvr-skgp
7
vulnerability VCID-auzw-j1fc-jff8
8
vulnerability VCID-cnns-pjex-4ybt
9
vulnerability VCID-fkct-tzwg-mkh8
10
vulnerability VCID-nz1v-4hgs-6yge
11
vulnerability VCID-qx3m-tcqj-ukc2
12
vulnerability VCID-r92s-4m4x-dqc7
13
vulnerability VCID-r94a-3fq2-efdg
14
vulnerability VCID-rfqz-nf3z-v3a3
15
vulnerability VCID-s61k-e43h-13b5
16
vulnerability VCID-skd6-gqh8-sbba
17
vulnerability VCID-t79w-jeyp-suaw
18
vulnerability VCID-u37s-5nn4-wqbx
19
vulnerability VCID-vnh3-bvyq-13d6
20
vulnerability VCID-vqke-p81x-sffn
21
vulnerability VCID-w1c4-c4xs-yba4
22
vulnerability VCID-w7nq-y9sx-nfcc
23
vulnerability VCID-wqg8-5kwe-vuem
24
vulnerability VCID-xqz3-k7ts-juck
25
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-1z31-s1cu-bbh4
2
vulnerability VCID-314g-t8xy-5khg
3
vulnerability VCID-5887-pcyq-nkht
4
vulnerability VCID-7svn-u8ub-4faw
5
vulnerability VCID-89dx-2s8k-mufw
6
vulnerability VCID-8fr2-v728-cfcc
7
vulnerability VCID-8htk-33f4-4ufg
8
vulnerability VCID-8kwc-sxvr-skgp
9
vulnerability VCID-auzw-j1fc-jff8
10
vulnerability VCID-c1uz-emh5-9fhe
11
vulnerability VCID-crra-28kn-mqab
12
vulnerability VCID-dd77-bpcr-zfam
13
vulnerability VCID-fkct-tzwg-mkh8
14
vulnerability VCID-gxpn-pz3c-gugf
15
vulnerability VCID-nz1v-4hgs-6yge
16
vulnerability VCID-q6zd-khan-9yhj
17
vulnerability VCID-q7ye-13eq-vuhy
18
vulnerability VCID-qx3m-tcqj-ukc2
19
vulnerability VCID-r92s-4m4x-dqc7
20
vulnerability VCID-r94a-3fq2-efdg
21
vulnerability VCID-rfqz-nf3z-v3a3
22
vulnerability VCID-rsg7-5tup-4bd1
23
vulnerability VCID-s61k-e43h-13b5
24
vulnerability VCID-skd6-gqh8-sbba
25
vulnerability VCID-ujnp-2f3v-s3h3
26
vulnerability VCID-uzry-ts4t-fbc8
27
vulnerability VCID-vnh3-bvyq-13d6
28
vulnerability VCID-w1c4-c4xs-yba4
29
vulnerability VCID-w5gg-jtut-qkcc
30
vulnerability VCID-xqz3-k7ts-juck
31
vulnerability VCID-y3uj-myy6-kbha
32
vulnerability VCID-z9uf-p9w2-57fj
33
vulnerability VCID-zbfc-s76k-gfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10
aliases CVE-2019-14893, GHSA-qmqc-x3r4-6v39
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zm3q-aquc-pqg7
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.0-rc4