Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
Typemaven
Namespacecom.fasterxml.jackson.core
Namejackson-databind
Version2.9.10.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.12.7.1
Latest_non_vulnerable_version2.16.0
Affected_by_vulnerabilities
0
url VCID-9h46-72hw-bkcr
vulnerability_id VCID-9h46-72hw-bkcr
summary Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42003
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.54935
published_at 2026-04-16T12:55:00Z
1
value 0.00319
scoring_system epss
scoring_elements 0.54897
published_at 2026-04-13T12:55:00Z
2
value 0.00319
scoring_system epss
scoring_elements 0.5492
published_at 2026-04-12T12:55:00Z
3
value 0.00319
scoring_system epss
scoring_elements 0.54939
published_at 2026-04-11T12:55:00Z
4
value 0.00319
scoring_system epss
scoring_elements 0.54926
published_at 2026-04-09T12:55:00Z
5
value 0.00319
scoring_system epss
scoring_elements 0.54928
published_at 2026-04-08T12:55:00Z
6
value 0.00319
scoring_system epss
scoring_elements 0.54883
published_at 2026-04-02T12:55:00Z
7
value 0.00319
scoring_system epss
scoring_elements 0.54909
published_at 2026-04-04T12:55:00Z
8
value 0.00319
scoring_system epss
scoring_elements 0.54878
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42003
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
8
reference_url https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x
9
reference_url https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1
10
reference_url https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288
11
reference_url https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc
12
reference_url https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea
13
reference_url https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45
14
reference_url https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
15
reference_url https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1
16
reference_url https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2
17
reference_url https://github.com/FasterXML/jackson-databind/issues/3590
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/3590
18
reference_url https://github.com/FasterXML/jackson-databind/issues/3627
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/3627
19
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42003
21
reference_url https://security.netapp.com/advisory/ntap-20221124-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221124-0004
22
reference_url https://www.debian.org/security/2022/dsa-5283
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5283
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135244
reference_id 2135244
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135244
24
reference_url https://github.com/advisories/GHSA-jjjh-jjxp-wpff
reference_id GHSA-jjjh-jjxp-wpff
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjjh-jjxp-wpff
25
reference_url https://security.gentoo.org/glsa/202210-21
reference_id GLSA-202210-21
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202210-21
26
reference_url https://access.redhat.com/errata/RHSA-2022:7435
reference_id RHSA-2022:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7435
27
reference_url https://access.redhat.com/errata/RHSA-2022:8781
reference_id RHSA-2022:8781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8781
28
reference_url https://access.redhat.com/errata/RHSA-2022:8876
reference_id RHSA-2022:8876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8876
29
reference_url https://access.redhat.com/errata/RHSA-2022:8889
reference_id RHSA-2022:8889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8889
30
reference_url https://access.redhat.com/errata/RHSA-2022:9023
reference_id RHSA-2022:9023
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9023
31
reference_url https://access.redhat.com/errata/RHSA-2022:9032
reference_id RHSA-2022:9032
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9032
32
reference_url https://access.redhat.com/errata/RHSA-2023:0189
reference_id RHSA-2023:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0189
33
reference_url https://access.redhat.com/errata/RHSA-2023:0261
reference_id RHSA-2023:0261
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0261
34
reference_url https://access.redhat.com/errata/RHSA-2023:0264
reference_id RHSA-2023:0264
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0264
35
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
36
reference_url https://access.redhat.com/errata/RHSA-2023:0471
reference_id RHSA-2023:0471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0471
37
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
38
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
39
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
40
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
41
reference_url https://access.redhat.com/errata/RHSA-2023:0713
reference_id RHSA-2023:0713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0713
42
reference_url https://access.redhat.com/errata/RHSA-2023:1006
reference_id RHSA-2023:1006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1006
43
reference_url https://access.redhat.com/errata/RHSA-2023:1064
reference_id RHSA-2023:1064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1064
44
reference_url https://access.redhat.com/errata/RHSA-2023:1151
reference_id RHSA-2023:1151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1151
45
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
46
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
47
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
48
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
49
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
50
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
51
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2
aliases CVE-2022-42003, GHSA-jjjh-jjxp-wpff
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9h46-72hw-bkcr
1
url VCID-v2pq-1qhm-4qb9
vulnerability_id VCID-v2pq-1qhm-4qb9
summary Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42004
reference_id
reference_type
scores
0
value 0.00273
scoring_system epss
scoring_elements 0.50708
published_at 2026-04-04T12:55:00Z
1
value 0.00273
scoring_system epss
scoring_elements 0.50683
published_at 2026-04-02T12:55:00Z
2
value 0.00273
scoring_system epss
scoring_elements 0.5076
published_at 2026-04-16T12:55:00Z
3
value 0.00273
scoring_system epss
scoring_elements 0.50735
published_at 2026-04-12T12:55:00Z
4
value 0.00273
scoring_system epss
scoring_elements 0.50758
published_at 2026-04-11T12:55:00Z
5
value 0.00273
scoring_system epss
scoring_elements 0.50716
published_at 2026-04-09T12:55:00Z
6
value 0.00273
scoring_system epss
scoring_elements 0.50719
published_at 2026-04-13T12:55:00Z
7
value 0.00273
scoring_system epss
scoring_elements 0.50664
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42004
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
8
reference_url https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
9
reference_url https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252
10
reference_url https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea
11
reference_url https://github.com/FasterXML/jackson-databind/issues/3582
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/3582
12
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-42004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-42004
14
reference_url https://security.netapp.com/advisory/ntap-20221118-0008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221118-0008
15
reference_url https://www.debian.org/security/2022/dsa-5283
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5283
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2135247
reference_id 2135247
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2135247
17
reference_url https://github.com/advisories/GHSA-rgv9-q543-rqg4
reference_id GHSA-rgv9-q543-rqg4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rgv9-q543-rqg4
18
reference_url https://security.gentoo.org/glsa/202210-21
reference_id GLSA-202210-21
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202210-21
19
reference_url https://access.redhat.com/errata/RHSA-2022:7435
reference_id RHSA-2022:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7435
20
reference_url https://access.redhat.com/errata/RHSA-2022:8781
reference_id RHSA-2022:8781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8781
21
reference_url https://access.redhat.com/errata/RHSA-2022:8876
reference_id RHSA-2022:8876
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8876
22
reference_url https://access.redhat.com/errata/RHSA-2022:8889
reference_id RHSA-2022:8889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8889
23
reference_url https://access.redhat.com/errata/RHSA-2022:9023
reference_id RHSA-2022:9023
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9023
24
reference_url https://access.redhat.com/errata/RHSA-2022:9032
reference_id RHSA-2022:9032
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9032
25
reference_url https://access.redhat.com/errata/RHSA-2023:0189
reference_id RHSA-2023:0189
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0189
26
reference_url https://access.redhat.com/errata/RHSA-2023:0264
reference_id RHSA-2023:0264
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0264
27
reference_url https://access.redhat.com/errata/RHSA-2023:0469
reference_id RHSA-2023:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0469
28
reference_url https://access.redhat.com/errata/RHSA-2023:0471
reference_id RHSA-2023:0471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0471
29
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
30
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
31
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
32
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
33
reference_url https://access.redhat.com/errata/RHSA-2023:0713
reference_id RHSA-2023:0713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0713
34
reference_url https://access.redhat.com/errata/RHSA-2023:1006
reference_id RHSA-2023:1006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1006
35
reference_url https://access.redhat.com/errata/RHSA-2023:1064
reference_id RHSA-2023:1064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1064
36
reference_url https://access.redhat.com/errata/RHSA-2023:2097
reference_id RHSA-2023:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2097
37
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
38
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
39
reference_url https://access.redhat.com/errata/RHSA-2023:3641
reference_id RHSA-2023:3641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3641
40
reference_url https://access.redhat.com/errata/RHSA-2023:3663
reference_id RHSA-2023:3663
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3663
41
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
42
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4
aliases CVE-2022-42004, GHSA-rgv9-q543-rqg4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v2pq-1qhm-4qb9
2
url VCID-v6ek-y7cn-kycd
vulnerability_id VCID-v6ek-y7cn-kycd
summary 
Uncontrolled Resource Consumption
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36518
reference_id
reference_type
scores
0
value 0.00514
scoring_system epss
scoring_elements 0.66613
published_at 2026-04-16T12:55:00Z
1
value 0.00514
scoring_system epss
scoring_elements 0.66577
published_at 2026-04-13T12:55:00Z
2
value 0.00514
scoring_system epss
scoring_elements 0.66609
published_at 2026-04-12T12:55:00Z
3
value 0.00514
scoring_system epss
scoring_elements 0.66621
published_at 2026-04-11T12:55:00Z
4
value 0.00514
scoring_system epss
scoring_elements 0.66603
published_at 2026-04-09T12:55:00Z
5
value 0.00514
scoring_system epss
scoring_elements 0.66589
published_at 2026-04-08T12:55:00Z
6
value 0.00514
scoring_system epss
scoring_elements 0.66541
published_at 2026-04-07T12:55:00Z
7
value 0.00514
scoring_system epss
scoring_elements 0.66569
published_at 2026-04-04T12:55:00Z
8
value 0.00514
scoring_system epss
scoring_elements 0.66544
published_at 2026-04-02T12:55:00Z
9
value 0.00514
scoring_system epss
scoring_elements 0.66505
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36518
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
7
reference_url https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de
8
reference_url https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b
9
reference_url https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd
10
reference_url https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126
11
reference_url https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b
12
reference_url https://github.com/FasterXML/jackson-databind/issues/2816
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://github.com/FasterXML/jackson-databind/issues/2816
13
reference_url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12
14
reference_url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13
15
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html
16
reference_url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
17
reference_url https://security.netapp.com/advisory/ntap-20220506-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220506-0004
18
reference_url https://www.debian.org/security/2022/dsa-5283
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://www.debian.org/security/2022/dsa-5283
19
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
20
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109
reference_id 1007109
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2064698
reference_id 2064698
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2064698
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36518
reference_id CVE-2020-36518
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36518
24
reference_url https://github.com/advisories/GHSA-57j2-w4cx-62h2
reference_id GHSA-57j2-w4cx-62h2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-57j2-w4cx-62h2
25
reference_url https://security.netapp.com/advisory/ntap-20220506-0004/
reference_id ntap-20220506-0004
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/
url https://security.netapp.com/advisory/ntap-20220506-0004/
26
reference_url https://access.redhat.com/errata/RHSA-2022:2232
reference_id RHSA-2022:2232
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2232
27
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
28
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
29
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
30
reference_url https://access.redhat.com/errata/RHSA-2022:5029
reference_id RHSA-2022:5029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5029
31
reference_url https://access.redhat.com/errata/RHSA-2022:5101
reference_id RHSA-2022:5101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5101
32
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
33
reference_url https://access.redhat.com/errata/RHSA-2022:5596
reference_id RHSA-2022:5596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5596
34
reference_url https://access.redhat.com/errata/RHSA-2022:6407
reference_id RHSA-2022:6407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6407
35
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
36
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
37
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
38
reference_url https://access.redhat.com/errata/RHSA-2022:6819
reference_id RHSA-2022:6819
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6819
39
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
40
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
41
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
42
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
43
reference_url https://access.redhat.com/errata/RHSA-2022:7435
reference_id RHSA-2022:7435
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7435
44
reference_url https://access.redhat.com/errata/RHSA-2022:8781
reference_id RHSA-2022:8781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8781
45
reference_url https://access.redhat.com/errata/RHSA-2022:8889
reference_id RHSA-2022:8889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8889
46
reference_url https://access.redhat.com/errata/RHSA-2023:0264
reference_id RHSA-2023:0264
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0264
47
reference_url https://access.redhat.com/errata/RHSA-2023:2312
reference_id RHSA-2023:2312
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2312
48
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
49
reference_url https://access.redhat.com/errata/RHSA-2024:3061
reference_id RHSA-2024:3061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3061
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1
aliases CVE-2020-36518, GHSA-57j2-w4cx-62h2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ek-y7cn-kycd
Fixing_vulnerabilities
0
url VCID-4an1-3hs5-3yd6
vulnerability_id VCID-4an1-3hs5-3yd6
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36183
reference_id
reference_type
scores
0
value 0.02061
scoring_system epss
scoring_elements 0.83939
published_at 2026-04-16T12:55:00Z
1
value 0.02061
scoring_system epss
scoring_elements 0.83914
published_at 2026-04-13T12:55:00Z
2
value 0.02061
scoring_system epss
scoring_elements 0.83918
published_at 2026-04-12T12:55:00Z
3
value 0.02061
scoring_system epss
scoring_elements 0.83924
published_at 2026-04-11T12:55:00Z
4
value 0.02061
scoring_system epss
scoring_elements 0.83907
published_at 2026-04-09T12:55:00Z
5
value 0.02061
scoring_system epss
scoring_elements 0.83901
published_at 2026-04-08T12:55:00Z
6
value 0.02061
scoring_system epss
scoring_elements 0.83877
published_at 2026-04-07T12:55:00Z
7
value 0.02061
scoring_system epss
scoring_elements 0.83876
published_at 2026-04-04T12:55:00Z
8
value 0.02061
scoring_system epss
scoring_elements 0.83846
published_at 2026-04-01T12:55:00Z
9
value 0.02061
scoring_system epss
scoring_elements 0.8386
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36183
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29
6
reference_url https://github.com/FasterXML/jackson-databind/issues/3003
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/3003
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005/
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913927
reference_id 1913927
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913927
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36183
reference_id CVE-2020-36183
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36183
18
reference_url https://github.com/advisories/GHSA-9m6f-7xcq-8vf8
reference_id GHSA-9m6f-7xcq-8vf8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9m6f-7xcq-8vf8
19
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
20
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16af-yv1z-xufy
1
vulnerability VCID-5r6v-ej7d-ubgv
2
vulnerability VCID-6zee-aqcc-vfbp
3
vulnerability VCID-8h7y-y4pv-cyd3
4
vulnerability VCID-8jw8-6tev-aqgm
5
vulnerability VCID-8tmq-zbmb-m7h4
6
vulnerability VCID-96pq-m4f3-zbad
7
vulnerability VCID-9h46-72hw-bkcr
8
vulnerability VCID-avut-gmwd-jqfp
9
vulnerability VCID-bypv-wfhs-sbe4
10
vulnerability VCID-ceub-d4s9-dkcd
11
vulnerability VCID-cytp-mr4h-g3ds
12
vulnerability VCID-hwnx-vf4v-f3db
13
vulnerability VCID-jcgb-bewy-4kff
14
vulnerability VCID-jx9y-fyfm-bqdr
15
vulnerability VCID-svkb-adja-qfef
16
vulnerability VCID-swqd-uk56-wkat
17
vulnerability VCID-tm7y-tnx3-43dq
18
vulnerability VCID-ukwd-7rkh-sfhj
19
vulnerability VCID-unwq-s63h-uuaw
20
vulnerability VCID-v2pq-1qhm-4qb9
21
vulnerability VCID-v6ek-y7cn-kycd
22
vulnerability VCID-wds4-urpb-euby
23
vulnerability VCID-x6g1-qw1v-jbas
24
vulnerability VCID-ypbt-p34k-hfbc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36183, GHSA-9m6f-7xcq-8vf8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4an1-3hs5-3yd6
1
url VCID-4vx2-s262-ckbp
vulnerability_id VCID-4vx2-s262-ckbp
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36188.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36188.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36188
reference_id
reference_type
scores
0
value 0.0944
scoring_system epss
scoring_elements 0.92813
published_at 2026-04-16T12:55:00Z
1
value 0.0944
scoring_system epss
scoring_elements 0.92802
published_at 2026-04-12T12:55:00Z
2
value 0.0944
scoring_system epss
scoring_elements 0.92803
published_at 2026-04-13T12:55:00Z
3
value 0.0944
scoring_system epss
scoring_elements 0.92799
published_at 2026-04-09T12:55:00Z
4
value 0.0944
scoring_system epss
scoring_elements 0.92795
published_at 2026-04-08T12:55:00Z
5
value 0.0944
scoring_system epss
scoring_elements 0.92785
published_at 2026-04-07T12:55:00Z
6
value 0.0944
scoring_system epss
scoring_elements 0.92788
published_at 2026-04-04T12:55:00Z
7
value 0.0944
scoring_system epss
scoring_elements 0.92777
published_at 2026-04-01T12:55:00Z
8
value 0.0944
scoring_system epss
scoring_elements 0.92783
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36188
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36188
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36188
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2996
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2996
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005/
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913934
reference_id 1913934
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913934
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36188
reference_id CVE-2020-36188
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36188
18
reference_url https://github.com/advisories/GHSA-f9xh-2qgp-cq57
reference_id GHSA-f9xh-2qgp-cq57
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f9xh-2qgp-cq57
19
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
20
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16af-yv1z-xufy
1
vulnerability VCID-5r6v-ej7d-ubgv
2
vulnerability VCID-6zee-aqcc-vfbp
3
vulnerability VCID-8h7y-y4pv-cyd3
4
vulnerability VCID-8jw8-6tev-aqgm
5
vulnerability VCID-8tmq-zbmb-m7h4
6
vulnerability VCID-96pq-m4f3-zbad
7
vulnerability VCID-9h46-72hw-bkcr
8
vulnerability VCID-avut-gmwd-jqfp
9
vulnerability VCID-bypv-wfhs-sbe4
10
vulnerability VCID-ceub-d4s9-dkcd
11
vulnerability VCID-cytp-mr4h-g3ds
12
vulnerability VCID-hwnx-vf4v-f3db
13
vulnerability VCID-jcgb-bewy-4kff
14
vulnerability VCID-jx9y-fyfm-bqdr
15
vulnerability VCID-svkb-adja-qfef
16
vulnerability VCID-swqd-uk56-wkat
17
vulnerability VCID-tm7y-tnx3-43dq
18
vulnerability VCID-ukwd-7rkh-sfhj
19
vulnerability VCID-unwq-s63h-uuaw
20
vulnerability VCID-v2pq-1qhm-4qb9
21
vulnerability VCID-v6ek-y7cn-kycd
22
vulnerability VCID-wds4-urpb-euby
23
vulnerability VCID-x6g1-qw1v-jbas
24
vulnerability VCID-ypbt-p34k-hfbc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36188, GHSA-f9xh-2qgp-cq57
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4vx2-s262-ckbp
2
url VCID-7qga-wsz6-kqcn
vulnerability_id VCID-7qga-wsz6-kqcn
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36182.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36182.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36182
reference_id
reference_type
scores
0
value 0.02715
scoring_system epss
scoring_elements 0.85941
published_at 2026-04-16T12:55:00Z
1
value 0.02715
scoring_system epss
scoring_elements 0.85922
published_at 2026-04-13T12:55:00Z
2
value 0.02715
scoring_system epss
scoring_elements 0.85928
published_at 2026-04-12T12:55:00Z
3
value 0.02715
scoring_system epss
scoring_elements 0.85931
published_at 2026-04-11T12:55:00Z
4
value 0.02715
scoring_system epss
scoring_elements 0.85916
published_at 2026-04-09T12:55:00Z
5
value 0.02715
scoring_system epss
scoring_elements 0.85906
published_at 2026-04-08T12:55:00Z
6
value 0.02715
scoring_system epss
scoring_elements 0.85888
published_at 2026-04-07T12:55:00Z
7
value 0.02715
scoring_system epss
scoring_elements 0.85884
published_at 2026-04-04T12:55:00Z
8
value 0.02715
scoring_system epss
scoring_elements 0.85867
published_at 2026-04-02T12:55:00Z
9
value 0.02715
scoring_system epss
scoring_elements 0.85855
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36182
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36182
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36182
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
6
reference_url https://github.com/FasterXML/jackson-databind/issues/3004
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/
url https://github.com/FasterXML/jackson-databind/issues/3004
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/
url https://security.netapp.com/advisory/ntap-20210205-0005/
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913926
reference_id 1913926
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913926
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36182
reference_id CVE-2020-36182
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36182
18
reference_url https://github.com/advisories/GHSA-89qr-369f-5m5x
reference_id GHSA-89qr-369f-5m5x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-89qr-369f-5m5x
19
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
20
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16af-yv1z-xufy
1
vulnerability VCID-5r6v-ej7d-ubgv
2
vulnerability VCID-6zee-aqcc-vfbp
3
vulnerability VCID-8h7y-y4pv-cyd3
4
vulnerability VCID-8jw8-6tev-aqgm
5
vulnerability VCID-8tmq-zbmb-m7h4
6
vulnerability VCID-96pq-m4f3-zbad
7
vulnerability VCID-9h46-72hw-bkcr
8
vulnerability VCID-avut-gmwd-jqfp
9
vulnerability VCID-bypv-wfhs-sbe4
10
vulnerability VCID-ceub-d4s9-dkcd
11
vulnerability VCID-cytp-mr4h-g3ds
12
vulnerability VCID-hwnx-vf4v-f3db
13
vulnerability VCID-jcgb-bewy-4kff
14
vulnerability VCID-jx9y-fyfm-bqdr
15
vulnerability VCID-svkb-adja-qfef
16
vulnerability VCID-swqd-uk56-wkat
17
vulnerability VCID-tm7y-tnx3-43dq
18
vulnerability VCID-ukwd-7rkh-sfhj
19
vulnerability VCID-unwq-s63h-uuaw
20
vulnerability VCID-v2pq-1qhm-4qb9
21
vulnerability VCID-v6ek-y7cn-kycd
22
vulnerability VCID-wds4-urpb-euby
23
vulnerability VCID-x6g1-qw1v-jbas
24
vulnerability VCID-ypbt-p34k-hfbc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36182, GHSA-89qr-369f-5m5x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qga-wsz6-kqcn
3
url VCID-8ns6-kacn-dkeg
vulnerability_id VCID-8ns6-kacn-dkeg
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36189.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36189.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36189
reference_id
reference_type
scores
0
value 0.03941
scoring_system epss
scoring_elements 0.88356
published_at 2026-04-16T12:55:00Z
1
value 0.03941
scoring_system epss
scoring_elements 0.88343
published_at 2026-04-13T12:55:00Z
2
value 0.03941
scoring_system epss
scoring_elements 0.88351
published_at 2026-04-11T12:55:00Z
3
value 0.03941
scoring_system epss
scoring_elements 0.88341
published_at 2026-04-09T12:55:00Z
4
value 0.03941
scoring_system epss
scoring_elements 0.88335
published_at 2026-04-08T12:55:00Z
5
value 0.03941
scoring_system epss
scoring_elements 0.88315
published_at 2026-04-07T12:55:00Z
6
value 0.03941
scoring_system epss
scoring_elements 0.88311
published_at 2026-04-04T12:55:00Z
7
value 0.03941
scoring_system epss
scoring_elements 0.88289
published_at 2026-04-01T12:55:00Z
8
value 0.03941
scoring_system epss
scoring_elements 0.88297
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36189
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36189
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36189
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2996
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2996
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005/
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913937
reference_id 1913937
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913937
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36189
reference_id CVE-2020-36189
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36189
18
reference_url https://github.com/advisories/GHSA-vfqx-33qm-g869
reference_id GHSA-vfqx-33qm-g869
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vfqx-33qm-g869
19
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
20
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16af-yv1z-xufy
1
vulnerability VCID-5r6v-ej7d-ubgv
2
vulnerability VCID-6zee-aqcc-vfbp
3
vulnerability VCID-8h7y-y4pv-cyd3
4
vulnerability VCID-8jw8-6tev-aqgm
5
vulnerability VCID-8tmq-zbmb-m7h4
6
vulnerability VCID-96pq-m4f3-zbad
7
vulnerability VCID-9h46-72hw-bkcr
8
vulnerability VCID-avut-gmwd-jqfp
9
vulnerability VCID-bypv-wfhs-sbe4
10
vulnerability VCID-ceub-d4s9-dkcd
11
vulnerability VCID-cytp-mr4h-g3ds
12
vulnerability VCID-hwnx-vf4v-f3db
13
vulnerability VCID-jcgb-bewy-4kff
14
vulnerability VCID-jx9y-fyfm-bqdr
15
vulnerability VCID-svkb-adja-qfef
16
vulnerability VCID-swqd-uk56-wkat
17
vulnerability VCID-tm7y-tnx3-43dq
18
vulnerability VCID-ukwd-7rkh-sfhj
19
vulnerability VCID-unwq-s63h-uuaw
20
vulnerability VCID-v2pq-1qhm-4qb9
21
vulnerability VCID-v6ek-y7cn-kycd
22
vulnerability VCID-wds4-urpb-euby
23
vulnerability VCID-x6g1-qw1v-jbas
24
vulnerability VCID-ypbt-p34k-hfbc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36189, GHSA-vfqx-33qm-g869
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ns6-kacn-dkeg
4
url VCID-cytp-mr4h-g3ds
vulnerability_id VCID-cytp-mr4h-g3ds
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36184
reference_id
reference_type
scores
0
value 0.0691
scoring_system epss
scoring_elements 0.91423
published_at 2026-04-16T12:55:00Z
1
value 0.0691
scoring_system epss
scoring_elements 0.91398
published_at 2026-04-13T12:55:00Z
2
value 0.0691
scoring_system epss
scoring_elements 0.91399
published_at 2026-04-12T12:55:00Z
3
value 0.0691
scoring_system epss
scoring_elements 0.91396
published_at 2026-04-11T12:55:00Z
4
value 0.0691
scoring_system epss
scoring_elements 0.91348
published_at 2026-04-01T12:55:00Z
5
value 0.0691
scoring_system epss
scoring_elements 0.9139
published_at 2026-04-09T12:55:00Z
6
value 0.0691
scoring_system epss
scoring_elements 0.91383
published_at 2026-04-08T12:55:00Z
7
value 0.0691
scoring_system epss
scoring_elements 0.91371
published_at 2026-04-07T12:55:00Z
8
value 0.0691
scoring_system epss
scoring_elements 0.91364
published_at 2026-04-04T12:55:00Z
9
value 0.0691
scoring_system epss
scoring_elements 0.91354
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36184
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2998
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://github.com/FasterXML/jackson-databind/issues/2998
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://security.netapp.com/advisory/ntap-20210205-0005/
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913928
reference_id 1913928
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913928
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36184
reference_id CVE-2020-36184
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36184
18
reference_url https://github.com/advisories/GHSA-m6x4-97wx-4q27
reference_id GHSA-m6x4-97wx-4q27
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6x4-97wx-4q27
19
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
20
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36184, GHSA-m6x4-97wx-4q27
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cytp-mr4h-g3ds
5
url VCID-gtzx-y5f1-vye3
vulnerability_id VCID-gtzx-y5f1-vye3
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36181.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36181.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36181
reference_id
reference_type
scores
0
value 0.05412
scoring_system epss
scoring_elements 0.9016
published_at 2026-04-16T12:55:00Z
1
value 0.05412
scoring_system epss
scoring_elements 0.90143
published_at 2026-04-13T12:55:00Z
2
value 0.05412
scoring_system epss
scoring_elements 0.90148
published_at 2026-04-12T12:55:00Z
3
value 0.05412
scoring_system epss
scoring_elements 0.90149
published_at 2026-04-11T12:55:00Z
4
value 0.05412
scoring_system epss
scoring_elements 0.90141
published_at 2026-04-09T12:55:00Z
5
value 0.05412
scoring_system epss
scoring_elements 0.90134
published_at 2026-04-08T12:55:00Z
6
value 0.05412
scoring_system epss
scoring_elements 0.90119
published_at 2026-04-07T12:55:00Z
7
value 0.05412
scoring_system epss
scoring_elements 0.90115
published_at 2026-04-04T12:55:00Z
8
value 0.05412
scoring_system epss
scoring_elements 0.90103
published_at 2026-04-02T12:55:00Z
9
value 0.05412
scoring_system epss
scoring_elements 0.901
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36181
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36181
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36181
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
6
reference_url https://github.com/FasterXML/jackson-databind/issues/3004
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/
url https://github.com/FasterXML/jackson-databind/issues/3004
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/
url https://security.netapp.com/advisory/ntap-20210205-0005/
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913874
reference_id 1913874
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913874
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36181
reference_id CVE-2020-36181
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36181
18
reference_url https://github.com/advisories/GHSA-cvm9-fjm9-3572
reference_id GHSA-cvm9-fjm9-3572
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cvm9-fjm9-3572
19
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
20
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16af-yv1z-xufy
1
vulnerability VCID-5r6v-ej7d-ubgv
2
vulnerability VCID-6zee-aqcc-vfbp
3
vulnerability VCID-8h7y-y4pv-cyd3
4
vulnerability VCID-8jw8-6tev-aqgm
5
vulnerability VCID-8tmq-zbmb-m7h4
6
vulnerability VCID-96pq-m4f3-zbad
7
vulnerability VCID-9h46-72hw-bkcr
8
vulnerability VCID-avut-gmwd-jqfp
9
vulnerability VCID-bypv-wfhs-sbe4
10
vulnerability VCID-ceub-d4s9-dkcd
11
vulnerability VCID-cytp-mr4h-g3ds
12
vulnerability VCID-hwnx-vf4v-f3db
13
vulnerability VCID-jcgb-bewy-4kff
14
vulnerability VCID-jx9y-fyfm-bqdr
15
vulnerability VCID-svkb-adja-qfef
16
vulnerability VCID-swqd-uk56-wkat
17
vulnerability VCID-tm7y-tnx3-43dq
18
vulnerability VCID-ukwd-7rkh-sfhj
19
vulnerability VCID-unwq-s63h-uuaw
20
vulnerability VCID-v2pq-1qhm-4qb9
21
vulnerability VCID-v6ek-y7cn-kycd
22
vulnerability VCID-wds4-urpb-euby
23
vulnerability VCID-x6g1-qw1v-jbas
24
vulnerability VCID-ypbt-p34k-hfbc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36181, GHSA-cvm9-fjm9-3572
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gtzx-y5f1-vye3
6
url VCID-jcgb-bewy-4kff
vulnerability_id VCID-jcgb-bewy-4kff
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36185
reference_id
reference_type
scores
0
value 0.02715
scoring_system epss
scoring_elements 0.85941
published_at 2026-04-16T12:55:00Z
1
value 0.02715
scoring_system epss
scoring_elements 0.85922
published_at 2026-04-13T12:55:00Z
2
value 0.02715
scoring_system epss
scoring_elements 0.85928
published_at 2026-04-12T12:55:00Z
3
value 0.02715
scoring_system epss
scoring_elements 0.85931
published_at 2026-04-11T12:55:00Z
4
value 0.02715
scoring_system epss
scoring_elements 0.85916
published_at 2026-04-09T12:55:00Z
5
value 0.02715
scoring_system epss
scoring_elements 0.85906
published_at 2026-04-08T12:55:00Z
6
value 0.02715
scoring_system epss
scoring_elements 0.85888
published_at 2026-04-07T12:55:00Z
7
value 0.02715
scoring_system epss
scoring_elements 0.85884
published_at 2026-04-04T12:55:00Z
8
value 0.02715
scoring_system epss
scoring_elements 0.85855
published_at 2026-04-01T12:55:00Z
9
value 0.02715
scoring_system epss
scoring_elements 0.85867
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36185
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2998
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2998
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005/
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913929
reference_id 1913929
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913929
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36185
reference_id CVE-2020-36185
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36185
18
reference_url https://github.com/advisories/GHSA-8w26-6f25-cm9x
reference_id GHSA-8w26-6f25-cm9x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w26-6f25-cm9x
19
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
20
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36185, GHSA-8w26-6f25-cm9x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcgb-bewy-4kff
7
url VCID-swqd-uk56-wkat
vulnerability_id VCID-swqd-uk56-wkat
summary 
Serialization gadgets exploit in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35491
reference_id
reference_type
scores
0
value 0.05713
scoring_system epss
scoring_elements 0.90441
published_at 2026-04-16T12:55:00Z
1
value 0.05713
scoring_system epss
scoring_elements 0.90426
published_at 2026-04-13T12:55:00Z
2
value 0.05713
scoring_system epss
scoring_elements 0.90433
published_at 2026-04-12T12:55:00Z
3
value 0.05713
scoring_system epss
scoring_elements 0.90425
published_at 2026-04-09T12:55:00Z
4
value 0.05713
scoring_system epss
scoring_elements 0.90419
published_at 2026-04-08T12:55:00Z
5
value 0.05713
scoring_system epss
scoring_elements 0.90405
published_at 2026-04-07T12:55:00Z
6
value 0.05713
scoring_system epss
scoring_elements 0.90401
published_at 2026-04-04T12:55:00Z
7
value 0.05713
scoring_system epss
scoring_elements 0.90386
published_at 2026-04-01T12:55:00Z
8
value 0.05713
scoring_system epss
scoring_elements 0.90388
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35491
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2986
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2986
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35491
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35491
9
reference_url https://security.netapp.com/advisory/ntap-20210122-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210122-0005
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1909269
reference_id 1909269
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1909269
17
reference_url https://github.com/advisories/GHSA-r3gr-cxrf-hg25
reference_id GHSA-r3gr-cxrf-hg25
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r3gr-cxrf-hg25
18
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
19
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-35491, GHSA-r3gr-cxrf-hg25
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swqd-uk56-wkat
8
url VCID-u87p-2xgz-e3fj
vulnerability_id VCID-u87p-2xgz-e3fj
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36187
reference_id
reference_type
scores
0
value 0.02147
scoring_system epss
scoring_elements 0.84251
published_at 2026-04-16T12:55:00Z
1
value 0.02147
scoring_system epss
scoring_elements 0.84229
published_at 2026-04-13T12:55:00Z
2
value 0.02147
scoring_system epss
scoring_elements 0.84232
published_at 2026-04-12T12:55:00Z
3
value 0.02147
scoring_system epss
scoring_elements 0.84238
published_at 2026-04-11T12:55:00Z
4
value 0.02147
scoring_system epss
scoring_elements 0.8422
published_at 2026-04-09T12:55:00Z
5
value 0.02147
scoring_system epss
scoring_elements 0.84214
published_at 2026-04-08T12:55:00Z
6
value 0.02147
scoring_system epss
scoring_elements 0.84192
published_at 2026-04-07T12:55:00Z
7
value 0.02147
scoring_system epss
scoring_elements 0.84191
published_at 2026-04-04T12:55:00Z
8
value 0.02147
scoring_system epss
scoring_elements 0.8416
published_at 2026-04-01T12:55:00Z
9
value 0.02147
scoring_system epss
scoring_elements 0.84173
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36187
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2997
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2997
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36187
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36187
9
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
10
reference_url https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005/
11
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
12
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
13
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
14
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
15
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
16
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913933
reference_id 1913933
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913933
18
reference_url https://github.com/advisories/GHSA-r695-7vr9-jgc2
reference_id GHSA-r695-7vr9-jgc2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r695-7vr9-jgc2
19
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
20
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16af-yv1z-xufy
1
vulnerability VCID-5r6v-ej7d-ubgv
2
vulnerability VCID-6zee-aqcc-vfbp
3
vulnerability VCID-8h7y-y4pv-cyd3
4
vulnerability VCID-8jw8-6tev-aqgm
5
vulnerability VCID-8tmq-zbmb-m7h4
6
vulnerability VCID-96pq-m4f3-zbad
7
vulnerability VCID-9h46-72hw-bkcr
8
vulnerability VCID-avut-gmwd-jqfp
9
vulnerability VCID-bypv-wfhs-sbe4
10
vulnerability VCID-ceub-d4s9-dkcd
11
vulnerability VCID-cytp-mr4h-g3ds
12
vulnerability VCID-hwnx-vf4v-f3db
13
vulnerability VCID-jcgb-bewy-4kff
14
vulnerability VCID-jx9y-fyfm-bqdr
15
vulnerability VCID-svkb-adja-qfef
16
vulnerability VCID-swqd-uk56-wkat
17
vulnerability VCID-tm7y-tnx3-43dq
18
vulnerability VCID-ukwd-7rkh-sfhj
19
vulnerability VCID-unwq-s63h-uuaw
20
vulnerability VCID-v2pq-1qhm-4qb9
21
vulnerability VCID-v6ek-y7cn-kycd
22
vulnerability VCID-wds4-urpb-euby
23
vulnerability VCID-x6g1-qw1v-jbas
24
vulnerability VCID-ypbt-p34k-hfbc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36187, GHSA-r695-7vr9-jgc2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u87p-2xgz-e3fj
9
url VCID-uhnv-3cny-qkgx
vulnerability_id VCID-uhnv-3cny-qkgx
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36179.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36179.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36179
reference_id
reference_type
scores
0
value 0.60256
scoring_system epss
scoring_elements 0.98283
published_at 2026-04-16T12:55:00Z
1
value 0.60256
scoring_system epss
scoring_elements 0.98277
published_at 2026-04-13T12:55:00Z
2
value 0.60256
scoring_system epss
scoring_elements 0.98276
published_at 2026-04-11T12:55:00Z
3
value 0.60256
scoring_system epss
scoring_elements 0.98273
published_at 2026-04-09T12:55:00Z
4
value 0.60256
scoring_system epss
scoring_elements 0.98261
published_at 2026-04-01T12:55:00Z
5
value 0.60256
scoring_system epss
scoring_elements 0.98267
published_at 2026-04-07T12:55:00Z
6
value 0.60256
scoring_system epss
scoring_elements 0.98264
published_at 2026-04-02T12:55:00Z
7
value 0.60256
scoring_system epss
scoring_elements 0.98272
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36179
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36179
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36179
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
6
reference_url https://github.com/FasterXML/jackson-databind/issues/3004
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/
url https://github.com/FasterXML/jackson-databind/issues/3004
7
reference_url https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E
8
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
9
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
10
reference_url https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/
url https://security.netapp.com/advisory/ntap-20210205-0005/
11
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
12
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
13
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
14
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
15
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
16
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913871
reference_id 1913871
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913871
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36179
reference_id CVE-2020-36179
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36179
19
reference_url https://github.com/advisories/GHSA-9gph-22xh-8x98
reference_id GHSA-9gph-22xh-8x98
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9gph-22xh-8x98
20
reference_url https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E
reference_id rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/
url https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E
21
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
22
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16af-yv1z-xufy
1
vulnerability VCID-5r6v-ej7d-ubgv
2
vulnerability VCID-6zee-aqcc-vfbp
3
vulnerability VCID-8h7y-y4pv-cyd3
4
vulnerability VCID-8jw8-6tev-aqgm
5
vulnerability VCID-8tmq-zbmb-m7h4
6
vulnerability VCID-96pq-m4f3-zbad
7
vulnerability VCID-9h46-72hw-bkcr
8
vulnerability VCID-avut-gmwd-jqfp
9
vulnerability VCID-bypv-wfhs-sbe4
10
vulnerability VCID-ceub-d4s9-dkcd
11
vulnerability VCID-cytp-mr4h-g3ds
12
vulnerability VCID-hwnx-vf4v-f3db
13
vulnerability VCID-jcgb-bewy-4kff
14
vulnerability VCID-jx9y-fyfm-bqdr
15
vulnerability VCID-svkb-adja-qfef
16
vulnerability VCID-swqd-uk56-wkat
17
vulnerability VCID-tm7y-tnx3-43dq
18
vulnerability VCID-ukwd-7rkh-sfhj
19
vulnerability VCID-unwq-s63h-uuaw
20
vulnerability VCID-v2pq-1qhm-4qb9
21
vulnerability VCID-v6ek-y7cn-kycd
22
vulnerability VCID-wds4-urpb-euby
23
vulnerability VCID-x6g1-qw1v-jbas
24
vulnerability VCID-ypbt-p34k-hfbc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36179, GHSA-9gph-22xh-8x98
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uhnv-3cny-qkgx
10
url VCID-ukwd-7rkh-sfhj
vulnerability_id VCID-ukwd-7rkh-sfhj
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35728
reference_id
reference_type
scores
0
value 0.39669
scoring_system epss
scoring_elements 0.97296
published_at 2026-04-02T12:55:00Z
1
value 0.39669
scoring_system epss
scoring_elements 0.973
published_at 2026-04-04T12:55:00Z
2
value 0.40254
scoring_system epss
scoring_elements 0.97322
published_at 2026-04-01T12:55:00Z
3
value 0.40547
scoring_system epss
scoring_elements 0.97352
published_at 2026-04-09T12:55:00Z
4
value 0.40547
scoring_system epss
scoring_elements 0.97345
published_at 2026-04-07T12:55:00Z
5
value 0.40547
scoring_system epss
scoring_elements 0.97351
published_at 2026-04-08T12:55:00Z
6
value 0.40547
scoring_system epss
scoring_elements 0.97365
published_at 2026-04-16T12:55:00Z
7
value 0.40547
scoring_system epss
scoring_elements 0.97356
published_at 2026-04-13T12:55:00Z
8
value 0.40547
scoring_system epss
scoring_elements 0.97355
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35728
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2999
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://github.com/FasterXML/jackson-databind/issues/2999
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
9
reference_url https://security.netapp.com/advisory/ntap-20210129-0007
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210129-0007
10
reference_url https://security.netapp.com/advisory/ntap-20210129-0007/
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://security.netapp.com/advisory/ntap-20210129-0007/
11
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
12
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
13
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
14
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
15
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
16
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1911502
reference_id 1911502
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1911502
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35728
reference_id CVE-2020-35728
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35728
19
reference_url https://github.com/advisories/GHSA-5r5r-6hpj-8gg9
reference_id GHSA-5r5r-6hpj-8gg9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r5r-6hpj-8gg9
20
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
21
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-35728, GHSA-5r5r-6hpj-8gg9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ukwd-7rkh-sfhj
11
url VCID-wds4-urpb-euby
vulnerability_id VCID-wds4-urpb-euby
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36186
reference_id
reference_type
scores
0
value 0.02413
scoring_system epss
scoring_elements 0.85126
published_at 2026-04-16T12:55:00Z
1
value 0.02413
scoring_system epss
scoring_elements 0.85105
published_at 2026-04-13T12:55:00Z
2
value 0.02413
scoring_system epss
scoring_elements 0.85108
published_at 2026-04-12T12:55:00Z
3
value 0.02413
scoring_system epss
scoring_elements 0.8511
published_at 2026-04-11T12:55:00Z
4
value 0.02413
scoring_system epss
scoring_elements 0.85094
published_at 2026-04-09T12:55:00Z
5
value 0.02413
scoring_system epss
scoring_elements 0.85087
published_at 2026-04-08T12:55:00Z
6
value 0.02413
scoring_system epss
scoring_elements 0.85065
published_at 2026-04-07T12:55:00Z
7
value 0.02413
scoring_system epss
scoring_elements 0.85061
published_at 2026-04-04T12:55:00Z
8
value 0.02413
scoring_system epss
scoring_elements 0.85031
published_at 2026-04-01T12:55:00Z
9
value 0.02413
scoring_system epss
scoring_elements 0.85044
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36186
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2997
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2997
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005/
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913931
reference_id 1913931
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913931
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36186
reference_id CVE-2020-36186
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36186
18
reference_url https://github.com/advisories/GHSA-v585-23hc-c647
reference_id GHSA-v585-23hc-c647
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v585-23hc-c647
19
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
20
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36186, GHSA-v585-23hc-c647
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wds4-urpb-euby
12
url VCID-yp37-9z2d-akaj
vulnerability_id VCID-yp37-9z2d-akaj
summary 
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36180.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36180.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36180
reference_id
reference_type
scores
0
value 0.02715
scoring_system epss
scoring_elements 0.85941
published_at 2026-04-16T12:55:00Z
1
value 0.02715
scoring_system epss
scoring_elements 0.85922
published_at 2026-04-13T12:55:00Z
2
value 0.02715
scoring_system epss
scoring_elements 0.85928
published_at 2026-04-12T12:55:00Z
3
value 0.02715
scoring_system epss
scoring_elements 0.85931
published_at 2026-04-11T12:55:00Z
4
value 0.02715
scoring_system epss
scoring_elements 0.85916
published_at 2026-04-09T12:55:00Z
5
value 0.02715
scoring_system epss
scoring_elements 0.85906
published_at 2026-04-08T12:55:00Z
6
value 0.02715
scoring_system epss
scoring_elements 0.85888
published_at 2026-04-07T12:55:00Z
7
value 0.02715
scoring_system epss
scoring_elements 0.85884
published_at 2026-04-04T12:55:00Z
8
value 0.02715
scoring_system epss
scoring_elements 0.85867
published_at 2026-04-02T12:55:00Z
9
value 0.02715
scoring_system epss
scoring_elements 0.85855
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36180
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36180
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36180
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
6
reference_url https://github.com/FasterXML/jackson-databind/issues/3004
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/
url https://github.com/FasterXML/jackson-databind/issues/3004
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/
url https://security.netapp.com/advisory/ntap-20210205-0005/
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913872
reference_id 1913872
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913872
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36180
reference_id CVE-2020-36180
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36180
18
reference_url https://github.com/advisories/GHSA-8c4j-34r4-xr8g
reference_id GHSA-8c4j-34r4-xr8g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c4j-34r4-xr8g
19
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
20
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16af-yv1z-xufy
1
vulnerability VCID-5r6v-ej7d-ubgv
2
vulnerability VCID-6zee-aqcc-vfbp
3
vulnerability VCID-8h7y-y4pv-cyd3
4
vulnerability VCID-8jw8-6tev-aqgm
5
vulnerability VCID-8tmq-zbmb-m7h4
6
vulnerability VCID-96pq-m4f3-zbad
7
vulnerability VCID-9h46-72hw-bkcr
8
vulnerability VCID-avut-gmwd-jqfp
9
vulnerability VCID-bypv-wfhs-sbe4
10
vulnerability VCID-ceub-d4s9-dkcd
11
vulnerability VCID-cytp-mr4h-g3ds
12
vulnerability VCID-hwnx-vf4v-f3db
13
vulnerability VCID-jcgb-bewy-4kff
14
vulnerability VCID-jx9y-fyfm-bqdr
15
vulnerability VCID-svkb-adja-qfef
16
vulnerability VCID-swqd-uk56-wkat
17
vulnerability VCID-tm7y-tnx3-43dq
18
vulnerability VCID-ukwd-7rkh-sfhj
19
vulnerability VCID-unwq-s63h-uuaw
20
vulnerability VCID-v2pq-1qhm-4qb9
21
vulnerability VCID-v6ek-y7cn-kycd
22
vulnerability VCID-wds4-urpb-euby
23
vulnerability VCID-x6g1-qw1v-jbas
24
vulnerability VCID-ypbt-p34k-hfbc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36180, GHSA-8c4j-34r4-xr8g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yp37-9z2d-akaj
13
url VCID-ypbt-p34k-hfbc
vulnerability_id VCID-ypbt-p34k-hfbc
summary 
Serialization gadgets exploit in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35490
reference_id
reference_type
scores
0
value 0.03916
scoring_system epss
scoring_elements 0.88317
published_at 2026-04-16T12:55:00Z
1
value 0.03916
scoring_system epss
scoring_elements 0.88303
published_at 2026-04-13T12:55:00Z
2
value 0.03916
scoring_system epss
scoring_elements 0.88311
published_at 2026-04-11T12:55:00Z
3
value 0.03916
scoring_system epss
scoring_elements 0.88301
published_at 2026-04-09T12:55:00Z
4
value 0.03916
scoring_system epss
scoring_elements 0.88295
published_at 2026-04-08T12:55:00Z
5
value 0.03916
scoring_system epss
scoring_elements 0.88275
published_at 2026-04-07T12:55:00Z
6
value 0.03916
scoring_system epss
scoring_elements 0.8827
published_at 2026-04-04T12:55:00Z
7
value 0.03916
scoring_system epss
scoring_elements 0.88247
published_at 2026-04-01T12:55:00Z
8
value 0.03916
scoring_system epss
scoring_elements 0.88254
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35490
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
6
reference_url https://github.com/FasterXML/jackson-databind/issues/2986
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/2986
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35490
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35490
9
reference_url https://security.netapp.com/advisory/ntap-20210122-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210122-0005
10
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
11
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
15
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1909266
reference_id 1909266
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1909266
17
reference_url https://github.com/advisories/GHSA-wh8g-3j2c-rqj5
reference_id GHSA-wh8g-3j2c-rqj5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wh8g-3j2c-rqj5
18
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
19
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h46-72hw-bkcr
1
vulnerability VCID-v2pq-1qhm-4qb9
2
vulnerability VCID-v6ek-y7cn-kycd
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-35490, GHSA-wh8g-3j2c-rqj5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypbt-p34k-hfbc
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8