Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
Typemaven
Namespacecom.fasterxml.jackson.core
Namejackson-databind
Version2.9.8
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.9.9
Latest_non_vulnerable_version2.16.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-18u1-9nc1-2feh
vulnerability_id VCID-18u1-9nc1-2feh
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2186
1
reference_url https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/TINKERPOP-2121
2
reference_url http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107985
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19360
reference_id CVE-2018-19360
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-19360
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
3
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
aliases CVE-2018-19360
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-18u1-9nc1-2feh
1
url VCID-8mns-fyju-dqdr
vulnerability_id VCID-8mns-fyju-dqdr
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `openjpa` class from polymorphic deserialization.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2186
1
reference_url https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/TINKERPOP-2121
2
reference_url http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107985
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19361
reference_id CVE-2018-19361
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-19361
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
3
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
aliases CVE-2018-19361
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mns-fyju-dqdr
2
url VCID-d6ez-jva8-hyag
vulnerability_id VCID-d6ez-jva8-hyag
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `jboss-common-core` class from polymorphic deserialization.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2186
1
reference_url https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/TINKERPOP-2121
2
reference_url http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107985
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19362
reference_id CVE-2018-19362
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-19362
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
3
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
aliases CVE-2018-19362
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6ez-jva8-hyag
3
url VCID-w7nq-y9sx-nfcc
vulnerability_id VCID-w7nq-y9sx-nfcc
summary 
Improper Input Validation
Fasterxml Jackson does not properly validate user input leading to a DoS. Specifically, deserializing malicious input of very large values in the nanoseconds field of a time value.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1665601
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1665601
1
reference_url https://github.com/FasterXML/jackson-modules-java8/issues/90
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-modules-java8/issues/90
2
reference_url https://github.com/FasterXML/jackson-modules-java8/pull/87
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-modules-java8/pull/87
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000873
reference_id CVE-2018-1000873
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000873
4
reference_url https://github.com/advisories/GHSA-h4x4-5qp2-wp46
reference_id GHSA-h4x4-5qp2-wp46
reference_type
scores
url https://github.com/advisories/GHSA-h4x4-5qp2-wp46
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
aliases CVE-2018-1000873, GHSA-h4x4-5qp2-wp46
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7nq-y9sx-nfcc
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8