Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
Typemaven
Namespacecom.fasterxml.jackson.core
Namejackson-databind
Version2.8.11.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.8.11.4
Latest_non_vulnerable_version2.16.0
Affected_by_vulnerabilities
0
url VCID-p52x-ese3-qkha
vulnerability_id VCID-p52x-ese3-qkha
summary 
Information Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/2341
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2341
1
reference_url https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12814
reference_id CVE-2019-12814
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-12814
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.4
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.4
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9.1
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9.1
aliases CVE-2019-12814
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p52x-ese3-qkha
Fixing_vulnerabilities
0
url VCID-18u1-9nc1-2feh
vulnerability_id VCID-18u1-9nc1-2feh
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2186
1
reference_url https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/TINKERPOP-2121
2
reference_url http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107985
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19360
reference_id CVE-2018-19360
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-19360
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
3
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
aliases CVE-2018-19360
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-18u1-9nc1-2feh
1
url VCID-8mns-fyju-dqdr
vulnerability_id VCID-8mns-fyju-dqdr
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `openjpa` class from polymorphic deserialization.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2186
1
reference_url https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/TINKERPOP-2121
2
reference_url http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107985
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19361
reference_id CVE-2018-19361
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-19361
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
3
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
aliases CVE-2018-19361
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mns-fyju-dqdr
2
url VCID-d6ez-jva8-hyag
vulnerability_id VCID-d6ez-jva8-hyag
summary 
Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `jboss-common-core` class from polymorphic deserialization.
references
0
reference_url https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2186
1
reference_url https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
url https://issues.apache.org/jira/browse/TINKERPOP-2121
2
reference_url http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107985
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19362
reference_id CVE-2018-19362
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-19362
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p52x-ese3-qkha
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3
3
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
aliases CVE-2018-19362
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6ez-jva8-hyag
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3