Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/59746?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/59746?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "type": "maven", "namespace": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.6.7.5", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.7.9.1", "latest_non_vulnerable_version": "2.16.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41829?format=api", "vulnerability_id": "VCID-4r6g-jwvd-1ke5", "summary": "Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.", "references": [ { "reference_url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2996", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/issues/2996" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36189", "reference_id": "CVE-2020-36189", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36189" }, { "reference_url": "https://github.com/advisories/GHSA-vfqx-33qm-g869", "reference_id": "GHSA-vfqx-33qm-g869", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vfqx-33qm-g869" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59746?format=api", "purl": 
"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/59594?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36189", "GHSA-vfqx-33qm-g869" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4r6g-jwvd-1ke5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41842?format=api", "vulnerability_id": "VCID-fjz8-msfe-27hv", "summary": "Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.", "references": [ { "reference_url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b" }, { "reference_url": 
"https://github.com/FasterXML/jackson-databind/issues/3004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "reference_url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": 
"https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36179", "reference_id": "CVE-2020-36179", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36179" }, { "reference_url": "https://github.com/advisories/GHSA-9gph-22xh-8x98", "reference_id": "GHSA-9gph-22xh-8x98", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9gph-22xh-8x98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59746?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/59594?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36179", "GHSA-9gph-22xh-8x98" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjz8-msfe-27hv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41835?format=api", "vulnerability_id": "VCID-fqzk-v2gt-s7am", "summary": "Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.", "references": [ { "reference_url": 
"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": 
"https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36182", "reference_id": "CVE-2020-36182", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36182" }, { "reference_url": "https://github.com/advisories/GHSA-89qr-369f-5m5x", "reference_id": "GHSA-89qr-369f-5m5x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-89qr-369f-5m5x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59746?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/59594?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36182", "GHSA-89qr-369f-5m5x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fqzk-v2gt-s7am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41828?format=api", 
"vulnerability_id": "VCID-h324-unyb-sbac", "summary": "Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.", "references": [ { "reference_url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2996", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/issues/2996" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36188", "reference_id": "CVE-2020-36188", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36188" }, { "reference_url": "https://github.com/advisories/GHSA-f9xh-2qgp-cq57", "reference_id": "GHSA-f9xh-2qgp-cq57", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f9xh-2qgp-cq57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59746?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/59594?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36188", "GHSA-f9xh-2qgp-cq57" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h324-unyb-sbac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41841?format=api", "vulnerability_id": "VCID-jrfy-e6wv-1kbc", "summary": "Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.", "references": [ { "reference_url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36181", "reference_id": "CVE-2020-36181", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36181" }, { "reference_url": "https://github.com/advisories/GHSA-cvm9-fjm9-3572", "reference_id": "GHSA-cvm9-fjm9-3572", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cvm9-fjm9-3572" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59746?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/59594?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36181", "GHSA-cvm9-fjm9-3572" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrfy-e6wv-1kbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41825?format=api", "vulnerability_id": "VCID-r92s-4m4x-dqc7", "summary": "Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.", "references": [ { "reference_url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/issues/3003" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36183", "reference_id": "CVE-2020-36183", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36183" }, { "reference_url": "https://github.com/advisories/GHSA-9m6f-7xcq-8vf8", "reference_id": "GHSA-9m6f-7xcq-8vf8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9m6f-7xcq-8vf8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59746?format=api", "purl": 
"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/59594?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36183", "GHSA-9m6f-7xcq-8vf8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r92s-4m4x-dqc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41830?format=api", "vulnerability_id": "VCID-s61k-e43h-13b5", "summary": "Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.", "references": [ { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f" }, { "reference_url": 
"https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/2798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/issues/2798" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20201009-0003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20201009-0003" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24750", "reference_id": "CVE-2020-24750", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24750" }, { "reference_url": "https://github.com/advisories/GHSA-qjw2-hr98-qgfh", "reference_id": "GHSA-qjw2-hr98-qgfh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qjw2-hr98-qgfh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59746?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/59753?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6" } ], "aliases": [ "CVE-2020-24750", "GHSA-qjw2-hr98-qgfh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s61k-e43h-13b5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41836?format=api", "vulnerability_id": "VCID-zvn3-zvr5-buhg", "summary": "Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "references": [ { "reference_url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "reference_url": "https://github.com/FasterXML/jackson-databind", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b" }, { "reference_url": "https://github.com/FasterXML/jackson-databind/issues/3004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210205-0005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" 
}, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36180", "reference_id": "CVE-2020-36180", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36180" }, { "reference_url": "https://github.com/advisories/GHSA-8c4j-34r4-xr8g", "reference_id": "GHSA-8c4j-34r4-xr8g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8c4j-34r4-xr8g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59746?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/59594?format=api", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8" } ], "aliases": [ "CVE-2020-36180", "GHSA-8c4j-34r4-xr8g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zvn3-zvr5-buhg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5" }