Lookup of vulnerable packages by Package URL.

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.0
type maven
namespace com.fasterxml.jackson.core
name jackson-databind
version 2.8.0
qualifiers
subpath
is_vulnerable true
next_non_vulnerable_version 2.6.7.1
latest_non_vulnerable_version 2.16.0
affected_by_vulnerabilities
0
url VCID-18u1-9nc1-2feh
vulnerability_id VCID-18u1-9nc1-2feh
summary
Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2186
1
reference_url https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/TINKERPOP-2121
2
reference_url http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107985
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19360
reference_id CVE-2018-19360
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-19360
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
aliases CVE-2018-19360
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-18u1-9nc1-2feh
1
url VCID-8ec9-5qt4-duat
vulnerability_id VCID-8ec9-5qt4-duat
summary
Deserialization of Untrusted Data
FasterXML jackson-databind allows unauthenticated remote code execution. This is exploitable via two different gadgets that bypass a denylist.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/1899
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/1899
1
reference_url https://security.netapp.com/advisory/ntap-20180423-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180423-0002/
2
reference_url https://www.debian.org/security/2018/dsa-4114
reference_id
reference_type
scores
url https://www.debian.org/security/2018/dsa-4114
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-5968
reference_id CVE-2018-5968
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-5968
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4
aliases CVE-2018-5968
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ec9-5qt4-duat
2
url VCID-8mns-fyju-dqdr
vulnerability_id VCID-8mns-fyju-dqdr
summary
Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `openjpa` class from polymorphic deserialization.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2186
1
reference_url https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/TINKERPOP-2121
2
reference_url http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107985
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19361
reference_id CVE-2018-19361
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-19361
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
aliases CVE-2018-19361
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mns-fyju-dqdr
3
url VCID-d6ez-jva8-hyag
vulnerability_id VCID-d6ez-jva8-hyag
summary
Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `jboss-common-core` class from polymorphic deserialization.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2186
1
reference_url https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/TINKERPOP-2121
2
reference_url http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107985
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19362
reference_id CVE-2018-19362
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-19362
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
aliases CVE-2018-19362
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6ez-jva8-hyag
4
url VCID-ez2q-xgz1-rkab
vulnerability_id VCID-ez2q-xgz1-rkab
summary
Deserialization of Untrusted Data
FasterXML jackson-databind allows unauthenticated remote code execution. This is exploitable by sending maliciously crafted JSON input to the `readValue` method of the `ObjectMapper`, bypassing a denylist that is ineffective if the `c3p0` libraries are available in the classpath.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/1931
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/1931
1
reference_url https://security.netapp.com/advisory/ntap-20180328-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180328-0001/
2
reference_url https://www.debian.org/security/2018/dsa-4190
reference_id
reference_type
scores
url https://www.debian.org/security/2018/dsa-4190
3
reference_url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
4
reference_url http://www.securityfocus.com/bid/103203
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103203
5
reference_url http://www.securitytracker.com/id/1040693
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040693
6
reference_url http://www.securitytracker.com/id/1041890
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1041890
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-7489
reference_id CVE-2018-7489
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-7489
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5
aliases CVE-2018-7489
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ez2q-xgz1-rkab
5
url VCID-kdkp-1ucy-w3g1
vulnerability_id VCID-kdkp-1ucy-w3g1
summary
Deserialization of Untrusted Data
An issue was discovered in FasterXML jackson-databind. The use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11307
reference_id CVE-2018-11307
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-11307
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
aliases CVE-2018-11307
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kdkp-1ucy-w3g1
6
url VCID-m3y5-xa6w-83b6
vulnerability_id VCID-m3y5-xa6w-83b6
summary
jackson-databind Deserialization of Untrusted Data vulnerability
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:0959
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2019:0959
1
reference_url https://access.redhat.com/errata/RHSA-2019:0782
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0782
2
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:0877
3
reference_url https://access.redhat.com/errata/RHSA-2019:1106
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1106
4
reference_url https://access.redhat.com/errata/RHSA-2019:1107
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1107
5
reference_url https://access.redhat.com/errata/RHSA-2019:1108
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1108
6
reference_url https://access.redhat.com/errata/RHSA-2019:1140
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1140
7
reference_url https://access.redhat.com/errata/RHSA-2019:1782
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1782
8
reference_url https://access.redhat.com/errata/RHSA-2019:1797
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1797
9
reference_url https://access.redhat.com/errata/RHSA-2019:1822
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1822
10
reference_url https://access.redhat.com/errata/RHSA-2019:1823
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1823
11
reference_url https://access.redhat.com/errata/RHSA-2019:2804
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2804
12
reference_url https://access.redhat.com/errata/RHSA-2019:2858
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2858
13
reference_url https://access.redhat.com/errata/RHSA-2019:3002
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3002
14
reference_url https://access.redhat.com/errata/RHSA-2019:3140
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3140
15
reference_url https://access.redhat.com/errata/RHSA-2019:3149
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3149
16
reference_url https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3892
17
reference_url https://access.redhat.com/errata/RHSA-2019:4037
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:4037
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1671098
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1671098
19
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind
20
reference_url https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a
21
reference_url https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a
22
reference_url https://github.com/FasterXML/jackson-databind/commit/bf261d404c2f79fd3406237710d40ebb03c99d84
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/bf261d404c2f79fd3406237710d40ebb03c99d84
23
reference_url https://github.com/FasterXML/jackson-databind/issues/2052
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2052
24
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC
29
reference_url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
url https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
30
reference_url https://seclists.org/bugtraq/2019/May/68
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/May/68
31
reference_url https://security.netapp.com/advisory/ntap-20190530-0003
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190530-0003
32
reference_url https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
reference_id
reference_type
scores
url https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
33
reference_url https://www.debian.org/security/2019/dsa-4452
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4452
34
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2020.html
35
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2020.html
36
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
37
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12022
reference_id CVE-2018-12022
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-12022
39
reference_url https://github.com/advisories/GHSA-cjjf-94ff-43w7
reference_id GHSA-cjjf-94ff-43w7
reference_type
scores
url https://github.com/advisories/GHSA-cjjf-94ff-43w7
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6
aliases CVE-2018-12022, GHSA-cjjf-94ff-43w7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3y5-xa6w-83b6
7
url VCID-p52x-ese3-qkha
vulnerability_id VCID-p52x-ese3-qkha
summary
Information Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/2341
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2341
1
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12814
reference_id CVE-2019-12814
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-12814
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.4
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.4
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9.1
aliases CVE-2019-12814
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p52x-ese3-qkha
8
url VCID-rg7k-kaxv-2ubx
vulnerability_id VCID-rg7k-kaxv-2ubx
summary
Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the `readValue` method of the `ObjectMapper`.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1462702
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1462702
1
reference_url https://github.com/FasterXML/jackson-databind/issues/1599
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/1599
2
reference_url https://github.com/FasterXML/jackson-databind/issues/1723
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/1723
3
reference_url https://github.com/FasterXML/jackson-databind/issues/1737
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/1737
4
reference_url https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
reference_id
reference_type
scores
url https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
5
reference_url http://www.securityfocus.com/bid/99623
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99623
6
reference_url http://www.securitytracker.com/id/1039744
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039744
7
reference_url http://www.securitytracker.com/id/1039947
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039947
8
reference_url http://www.securitytracker.com/id/1040360
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040360
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7525
reference_id CVE-2017-7525
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7525
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9
aliases CVE-2017-7525
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rg7k-kaxv-2ubx
9
url VCID-tfky-edec-13gw
vulnerability_id VCID-tfky-edec-13gw
summary
Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the `readValue` method of the `ObjectMapper`.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/1680
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/1680
1
reference_url https://github.com/FasterXML/jackson-databind/issues/1737
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/1737
2
reference_url http://www.securityfocus.com/bid/103880
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103880
3
reference_url http://www.securitytracker.com/id/1039769
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1039769
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15095
reference_id CVE-2017-15095
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-15095
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.10
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.10
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1
aliases CVE-2017-15095
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfky-edec-13gw
fixing_vulnerabilities
risk_score null
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.0