Package Instance

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3d932709abd0b5390efe67451653fc9efa9db677

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3d932709abd0b5390efe67451653fc9efa9db677

reference_url

https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59

reference_url

https://github.com/FasterXML/jackson-databind/issues/2589

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2589

reference_url

https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT

reference_url

https://security.netapp.com/advisory/ntap-20210108-0007

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210108-0007

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25649

reference_id

CVE-2020-25649

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25649

reference_url	https://access.redhat.com/errata/RHSA-2020:4312
reference_id	RHSA-2020:4312
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4312

reference_url	https://access.redhat.com/errata/RHSA-2020:4379
reference_id	RHSA-2020:4379
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4379

reference_url	https://access.redhat.com/errata/RHSA-2020:4401
reference_id	RHSA-2020:4401
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4401

reference_url	https://access.redhat.com/errata/RHSA-2020:4402
reference_id	RHSA-2020:4402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4402

reference_url	https://access.redhat.com/errata/RHSA-2020:5340
reference_id	RHSA-2020:5340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5340

reference_url	https://access.redhat.com/errata/RHSA-2020:5341
reference_id	RHSA-2020:5341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5341

reference_url	https://access.redhat.com/errata/RHSA-2020:5342
reference_id	RHSA-2020:5342
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5342

reference_url	https://access.redhat.com/errata/RHSA-2020:5344
reference_id	RHSA-2020:5344
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5344

reference_url	https://access.redhat.com/errata/RHSA-2020:5361
reference_id	RHSA-2020:5361
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5361

reference_url	https://access.redhat.com/errata/RHSA-2020:5410
reference_id	RHSA-2020:5410
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5410

reference_url	https://access.redhat.com/errata/RHSA-2020:5533
reference_id	RHSA-2020:5533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5533

reference_url	https://access.redhat.com/errata/RHSA-2021:0381
reference_id	RHSA-2021:0381
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0381

reference_url	https://access.redhat.com/errata/RHSA-2021:0811
reference_id	RHSA-2021:0811
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0811

reference_url	https://access.redhat.com/errata/RHSA-2021:1260
reference_id	RHSA-2021:1260
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1260

reference_url	https://access.redhat.com/errata/RHSA-2021:1429
reference_id	RHSA-2021:1429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1429

reference_url	https://access.redhat.com/errata/RHSA-2021:2039
reference_id	RHSA-2021:2039
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2039

reference_url	https://access.redhat.com/errata/RHSA-2021:2475
reference_id	RHSA-2021:2475
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2475

reference_url	https://access.redhat.com/errata/RHSA-2021:2476
reference_id	RHSA-2021:2476
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2476

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.7

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.7

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.5.1
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.5.1

aliases CVE-2020-25649, GHSA-288c-cq4h-88gq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1z31-s1cu-bbh4

url VCID-314g-t8xy-5khg

vulnerability_id VCID-314g-t8xy-5khg

summary

jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11619.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11619.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11619

reference_id

reference_type

scores

value	0.01367
scoring_system	epss
scoring_elements	0.80535
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11619

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2680

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2680

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_url

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200511-0004

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200511-0004

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1826805
reference_id	1826805
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1826805

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-11619

reference_id

CVE-2020-11619

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-11619

reference_url	https://github.com/advisories/GHSA-27xj-rqx5-2255
reference_id	GHSA-27xj-rqx5-2255
reference_type
scores
url	https://github.com/advisories/GHSA-27xj-rqx5-2255

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2320
reference_id	RHSA-2020:2320
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2320

reference_url	https://access.redhat.com/errata/RHSA-2020:2565
reference_id	RHSA-2020:2565
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2565

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

reference_url	https://access.redhat.com/errata/RHSA-2020:5625
reference_id	RHSA-2020:5625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5625

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-z9uf-p9w2-57fj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

aliases CVE-2020-11619, GHSA-27xj-rqx5-2255

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-314g-t8xy-5khg

url VCID-7svn-u8ub-4faw

vulnerability_id VCID-7svn-u8ub-4faw

summary

Deserialization of Untrusted Data
FasterXML jackson-databind lacks certain `xbean-reflect/JNDI` blocking, as demonstrated by `org.apache.xbean.propertyeditor.JndiConverter`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8840.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8840.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8840

reference_id

reference_type

scores

value	0.08109
scoring_system	epss
scoring_elements	0.92304
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8840

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/74aba4042fce35ee0b91bd2847e788c10040d78b

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/74aba4042fce35ee0b91bd2847e788c10040d78b

reference_url

https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497

reference_url

https://github.com/FasterXML/jackson-databind/commit/9bb52c7122271df75435ec7e66ecf6b02b1ee14f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/9bb52c7122271df75435ec7e66ecf6b02b1ee14f

reference_url

https://github.com/FasterXML/jackson-databind/issues/2620

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2620

reference_url

https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7@%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7@%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html

reference_url

https://security.netapp.com/advisory/ntap-20200327-0002

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200327-0002

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1816330
reference_id	1816330
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1816330

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8840

reference_id

CVE-2020-8840

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8840

reference_url	https://github.com/advisories/GHSA-4w82-r329-3q67
reference_id	GHSA-4w82-r329-3q67
reference_type
scores
url	https://github.com/advisories/GHSA-4w82-r329-3q67

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2511
reference_id	RHSA-2020:2511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2511

reference_url	https://access.redhat.com/errata/RHSA-2020:2512
reference_id	RHSA-2020:2512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2512

reference_url	https://access.redhat.com/errata/RHSA-2020:2513
reference_id	RHSA-2020:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2513

reference_url	https://access.redhat.com/errata/RHSA-2020:2515
reference_id	RHSA-2020:2515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2515

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3637
reference_id	RHSA-2020:3637
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3637

reference_url	https://access.redhat.com/errata/RHSA-2020:3638
reference_id	RHSA-2020:3638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3638

reference_url	https://access.redhat.com/errata/RHSA-2020:3639
reference_id	RHSA-2020:3639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3639

reference_url	https://access.redhat.com/errata/RHSA-2020:3642
reference_id	RHSA-2020:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3642

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

reference_url	https://access.redhat.com/errata/RHSA-2025:1746
reference_id	RHSA-2025:1746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1746

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-314g-t8xy-5khg

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-c1uz-emh5-9fhe

vulnerability	VCID-crra-28kn-mqab

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-gxpn-pz3c-gugf

vulnerability	VCID-q6zd-khan-9yhj

vulnerability	VCID-q7ye-13eq-vuhy

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-rsg7-5tup-4bd1

vulnerability	VCID-ujnp-2f3v-s3h3

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-y3uj-myy6-kbha

vulnerability	VCID-z9uf-p9w2-57fj

vulnerability	VCID-zbfc-s76k-gfgv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.3

aliases CVE-2020-8840, GHSA-4w82-r329-3q67

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7svn-u8ub-4faw

url VCID-89dx-2s8k-mufw

vulnerability_id VCID-89dx-2s8k-mufw

summary

Deserialization of untrusted data in Jackson Databind
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14062.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14062.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14062

reference_id

reference_type

scores

value	0.09872
scoring_system	epss
scoring_elements	0.93135
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14062

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/840eae2ca81c597a0010b2126f32dce17d384b70

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/840eae2ca81c597a0010b2126f32dce17d384b70

reference_url

https://github.com/FasterXML/jackson-databind/commit/99001cdb6807b5c7b170ec6a9092ecbb618ae79c

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/99001cdb6807b5c7b170ec6a9092ecbb618ae79c

reference_url

https://github.com/FasterXML/jackson-databind/issues/2704

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2704

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html

reference_url

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200702-0003

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200702-0003

reference_url

https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1848962
reference_id	1848962
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1848962

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14062

reference_id

CVE-2020-14062

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14062

reference_url	https://github.com/advisories/GHSA-c265-37vj-cwcc
reference_id	GHSA-c265-37vj-cwcc
reference_type
scores
url	https://github.com/advisories/GHSA-c265-37vj-cwcc

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5

aliases CVE-2020-14062, GHSA-c265-37vj-cwcc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-89dx-2s8k-mufw

url VCID-c1uz-emh5-9fhe

vulnerability_id VCID-c1uz-emh5-9fhe

summary

Deserialization of Untrusted Data
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.activemq.*`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11111.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11111.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11111

reference_id

reference_type

scores

value	0.02082
scoring_system	epss
scoring_elements	0.84303
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11111

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2664

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2664

reference_url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1821304
reference_id	1821304
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1821304

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-11111

reference_id

CVE-2020-11111

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-11111

reference_url	https://access.redhat.com/errata/RHSA-2020:1523
reference_id	RHSA-2020:1523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1523

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2020:5625
reference_id	RHSA-2020:5625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5625

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-z9uf-p9w2-57fj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

aliases CVE-2020-11111, GHSA-v3xw-c963-f5hc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1uz-emh5-9fhe

url VCID-crra-28kn-mqab

vulnerability_id VCID-crra-28kn-mqab

summary

jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9546.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9546.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9546

reference_id

reference_type

scores

value	0.0239
scoring_system	epss
scoring_elements	0.85309
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9546

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2631

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2631

reference_url

https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html

reference_url

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200904-0006

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200904-0006

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1816332
reference_id	1816332
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1816332

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9546

reference_id

CVE-2020-9546

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9546

reference_url	https://github.com/advisories/GHSA-5p34-5m6p-p58g
reference_id	GHSA-5p34-5m6p-p58g
reference_type
scores
url	https://github.com/advisories/GHSA-5p34-5m6p-p58g

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2511
reference_id	RHSA-2020:2511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2511

reference_url	https://access.redhat.com/errata/RHSA-2020:2512
reference_id	RHSA-2020:2512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2512

reference_url	https://access.redhat.com/errata/RHSA-2020:2513
reference_id	RHSA-2020:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2513

reference_url	https://access.redhat.com/errata/RHSA-2020:2515
reference_id	RHSA-2020:2515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2515

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3637
reference_id	RHSA-2020:3637
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3637

reference_url	https://access.redhat.com/errata/RHSA-2020:3638
reference_id	RHSA-2020:3638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3638

reference_url	https://access.redhat.com/errata/RHSA-2020:3639
reference_id	RHSA-2020:3639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3639

reference_url	https://access.redhat.com/errata/RHSA-2020:3642
reference_id	RHSA-2020:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3642

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

reference_url	https://access.redhat.com/errata/RHSA-2025:1746
reference_id	RHSA-2025:1746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1746

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-z9uf-p9w2-57fj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

aliases CVE-2020-9546, GHSA-5p34-5m6p-p58g

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-crra-28kn-mqab

url VCID-dd77-bpcr-zfam

vulnerability_id VCID-dd77-bpcr-zfam

summary

Deserialization of untrusted data in Jackson Databind
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14195.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14195.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14195

reference_id

reference_type

scores

value	0.09286
scoring_system	epss
scoring_elements	0.92895
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14195

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_url

https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259

reference_url

https://github.com/FasterXML/jackson-databind/issues/2765

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2765

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html

reference_url

https://security.netapp.com/advisory/ntap-20200702-0003

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200702-0003

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1848958
reference_id	1848958
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1848958

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14195

reference_id

CVE-2020-14195

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14195

reference_url	https://github.com/advisories/GHSA-mc6h-4qgp-37qh
reference_id	GHSA-mc6h-4qgp-37qh
reference_type
scores
url	https://github.com/advisories/GHSA-mc6h-4qgp-37qh

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5

aliases CVE-2020-14195, GHSA-mc6h-4qgp-37qh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dd77-bpcr-zfam

url VCID-gxpn-pz3c-gugf

vulnerability_id VCID-gxpn-pz3c-gugf

summary

jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11113.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11113.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11113

reference_id

reference_type

scores

value	0.60714
scoring_system	epss
scoring_elements	0.98319
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11113

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_url

https://github.com/FasterXML/jackson-databind/commit/e2ba12d5d60715d95105e3e790fc234cfb59893d

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/e2ba12d5d60715d95105e3e790fc234cfb59893d

reference_url

https://github.com/FasterXML/jackson-databind/issues/2670

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2670

reference_url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1821315
reference_id	1821315
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1821315

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-11113

reference_id

CVE-2020-11113

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-11113

reference_url	https://github.com/advisories/GHSA-9vvp-fxw6-jcxr
reference_id	GHSA-9vvp-fxw6-jcxr
reference_type
scores
url	https://github.com/advisories/GHSA-9vvp-fxw6-jcxr

reference_url	https://access.redhat.com/errata/RHSA-2020:1523
reference_id	RHSA-2020:1523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1523

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2020:3817
reference_id	RHSA-2020:3817
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3817

reference_url	https://access.redhat.com/errata/RHSA-2020:5625
reference_id	RHSA-2020:5625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5625

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-z9uf-p9w2-57fj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

aliases CVE-2020-11113, GHSA-9vvp-fxw6-jcxr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxpn-pz3c-gugf

url VCID-q6zd-khan-9yhj

vulnerability_id VCID-q6zd-khan-9yhj

summary

jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10968.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10968.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10968

reference_id

reference_type

scores

value	0.03824
scoring_system	epss
scoring_elements	0.88342
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10968

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/05d7e0e13f43e12db6a51726df12c8b4d8040676

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/05d7e0e13f43e12db6a51726df12c8b4d8040676

reference_url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_url

https://github.com/FasterXML/jackson-databind/issues/2662

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2662

reference_url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1819208
reference_id	1819208
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1819208

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10968

reference_id

CVE-2020-10968

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10968

reference_url	https://github.com/advisories/GHSA-rf6r-2c4q-2vwg
reference_id	GHSA-rf6r-2c4q-2vwg
reference_type
scores
url	https://github.com/advisories/GHSA-rf6r-2c4q-2vwg

reference_url	https://access.redhat.com/errata/RHSA-2020:1523
reference_id	RHSA-2020:1523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1523

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

reference_url	https://access.redhat.com/errata/RHSA-2020:5625
reference_id	RHSA-2020:5625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5625

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-z9uf-p9w2-57fj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

aliases CVE-2020-10968, GHSA-rf6r-2c4q-2vwg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q6zd-khan-9yhj

url VCID-q7ye-13eq-vuhy

vulnerability_id VCID-q7ye-13eq-vuhy

summary

jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10672.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10672.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10672

reference_id

reference_type

scores

value	0.39493
scoring_system	epss
scoring_elements	0.97379
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10672

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_url

https://github.com/FasterXML/jackson-databind/commit/592872f4235c7f2a3280725278da55544032f72d

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/592872f4235c7f2a3280725278da55544032f72d

reference_url

https://github.com/FasterXML/jackson-databind/issues/2659

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2659

reference_url

https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html

reference_url

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1815495
reference_id	1815495
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1815495

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10672

reference_id

CVE-2020-10672

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10672

reference_url	https://github.com/advisories/GHSA-95cm-88f5-f2c7
reference_id	GHSA-95cm-88f5-f2c7
reference_type
scores
url	https://github.com/advisories/GHSA-95cm-88f5-f2c7

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3461
reference_id	RHSA-2020:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3461

reference_url	https://access.redhat.com/errata/RHSA-2020:3462
reference_id	RHSA-2020:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3462

reference_url	https://access.redhat.com/errata/RHSA-2020:3463
reference_id	RHSA-2020:3463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3463

reference_url	https://access.redhat.com/errata/RHSA-2020:3464
reference_id	RHSA-2020:3464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3464

reference_url	https://access.redhat.com/errata/RHSA-2020:3501
reference_id	RHSA-2020:3501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3501

reference_url	https://access.redhat.com/errata/RHSA-2020:3637
reference_id	RHSA-2020:3637
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3637

reference_url	https://access.redhat.com/errata/RHSA-2020:3638
reference_id	RHSA-2020:3638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3638

reference_url	https://access.redhat.com/errata/RHSA-2020:3639
reference_id	RHSA-2020:3639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3639

reference_url	https://access.redhat.com/errata/RHSA-2020:3642
reference_id	RHSA-2020:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3642

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2025:1746
reference_id	RHSA-2025:1746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1746

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-z9uf-p9w2-57fj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

aliases CVE-2020-10672, GHSA-95cm-88f5-f2c7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q7ye-13eq-vuhy

url VCID-qx3m-tcqj-ukc2

vulnerability_id VCID-qx3m-tcqj-ukc2

summary

Improper Control of Dynamically-Managed Code Resources
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.commons.dbcp2.datasources.SharedPoolDataSource.`

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35491

reference_id

reference_type

scores

value	0.06186
scoring_system	epss
scoring_elements	0.91007
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35491

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d

reference_url

https://github.com/FasterXML/jackson-databind/issues/2986

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2986

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210122-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210122-0005

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909269
reference_id	1909269
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909269

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-35491

reference_id

CVE-2020-35491

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-35491

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

aliases CVE-2020-35491, GHSA-r3gr-cxrf-hg25

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qx3m-tcqj-ukc2

url VCID-rfqz-nf3z-v3a3

vulnerability_id VCID-rfqz-nf3z-v3a3

summary

Deserialization of Untrusted Data
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36187

reference_id

reference_type

scores

value	0.02335
scoring_system	epss
scoring_elements	0.85137
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36187

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1

reference_url

https://github.com/FasterXML/jackson-databind/issues/2997

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2997

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913933
reference_id	1913933
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913933

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36187

reference_id

CVE-2020-36187

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36187

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

aliases CVE-2020-36187, GHSA-r695-7vr9-jgc2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfqz-nf3z-v3a3

url VCID-rsg7-5tup-4bd1

vulnerability_id VCID-rsg7-5tup-4bd1

summary

Deserialization of Untrusted Data
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.commons.proxy.provider.remoting.RmiProvider`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11112.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11112.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11112

reference_id

reference_type

scores

value	0.06772
scoring_system	epss
scoring_elements	0.91464
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11112

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2666

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2666

reference_url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1821311
reference_id	1821311
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1821311

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-11112

reference_id

CVE-2020-11112

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-11112

reference_url	https://access.redhat.com/errata/RHSA-2020:1523
reference_id	RHSA-2020:1523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1523

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2020:5625
reference_id	RHSA-2020:5625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5625

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-z9uf-p9w2-57fj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

aliases CVE-2020-11112, GHSA-58pp-9c76-5625

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rsg7-5tup-4bd1

url VCID-ujnp-2f3v-s3h3

vulnerability_id VCID-ujnp-2f3v-s3h3

summary

Deserialization of Untrusted Data
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `com.caucho.config.types.ResourceRef`.`

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10673.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10673.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10673

reference_id

reference_type

scores

value	0.20898
scoring_system	epss
scoring_elements	0.95733
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10673

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/1645efbd392989cf015f459a91c999e59c921b15

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/1645efbd392989cf015f459a91c999e59c921b15

reference_url

https://github.com/FasterXML/jackson-databind/issues/2660

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2660

reference_url

https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html

reference_url

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1815470
reference_id	1815470
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1815470

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10673

reference_id

CVE-2020-10673

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10673

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3461
reference_id	RHSA-2020:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3461

reference_url	https://access.redhat.com/errata/RHSA-2020:3462
reference_id	RHSA-2020:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3462

reference_url	https://access.redhat.com/errata/RHSA-2020:3463
reference_id	RHSA-2020:3463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3463

reference_url	https://access.redhat.com/errata/RHSA-2020:3464
reference_id	RHSA-2020:3464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3464

reference_url	https://access.redhat.com/errata/RHSA-2020:3501
reference_id	RHSA-2020:3501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3501

reference_url	https://access.redhat.com/errata/RHSA-2020:3585
reference_id	RHSA-2020:3585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3585

reference_url	https://access.redhat.com/errata/RHSA-2020:3637
reference_id	RHSA-2020:3637
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3637

reference_url	https://access.redhat.com/errata/RHSA-2020:3638
reference_id	RHSA-2020:3638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3638

reference_url	https://access.redhat.com/errata/RHSA-2020:3639
reference_id	RHSA-2020:3639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3639

reference_url	https://access.redhat.com/errata/RHSA-2020:3642
reference_id	RHSA-2020:3642
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3642

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2025:1746
reference_id	RHSA-2025:1746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1746

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-z9uf-p9w2-57fj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

aliases CVE-2020-10673, GHSA-fqwf-pjwf-7vqv

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujnp-2f3v-s3h3

url VCID-uzry-ts4t-fbc8

vulnerability_id VCID-uzry-ts4t-fbc8

summary

Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20330.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20330.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20330

reference_id

reference_type

scores

value	0.01914
scoring_system	epss
scoring_elements	0.83637
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20330

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/eb254813cc822d0af015ce8fe05febf50721dc53

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/eb254813cc822d0af015ce8fe05febf50721dc53

reference_url

https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e

reference_url

https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2

reference_url

https://github.com/FasterXML/jackson-databind/issues/2526

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2526

reference_url

https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html

reference_url

https://security.netapp.com/advisory/ntap-20200127-0004

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200127-0004

reference_url	https://security.netapp.com/advisory/ntap-20200127-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200127-0004/

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1793154
reference_id	1793154
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1793154

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-20330

reference_id

CVE-2019-20330

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-20330

reference_url	https://github.com/advisories/GHSA-gww7-p5w4-wrfv
reference_id	GHSA-gww7-p5w4-wrfv
reference_type
scores
url	https://github.com/advisories/GHSA-gww7-p5w4-wrfv

reference_url	https://access.redhat.com/errata/RHSA-2020:0939
reference_id	RHSA-2020:0939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0939

reference_url	https://access.redhat.com/errata/RHSA-2020:0951
reference_id	RHSA-2020:0951
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0951

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.2

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-314g-t8xy-5khg

vulnerability	VCID-7svn-u8ub-4faw

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-c1uz-emh5-9fhe

vulnerability	VCID-crra-28kn-mqab

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-gxpn-pz3c-gugf

vulnerability	VCID-q6zd-khan-9yhj

vulnerability	VCID-q7ye-13eq-vuhy

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-rsg7-5tup-4bd1

vulnerability	VCID-ujnp-2f3v-s3h3

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-y3uj-myy6-kbha

vulnerability	VCID-z9uf-p9w2-57fj

vulnerability	VCID-zbfc-s76k-gfgv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.2

aliases CVE-2019-20330, GHSA-gww7-p5w4-wrfv

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uzry-ts4t-fbc8

url VCID-vnh3-bvyq-13d6

vulnerability_id VCID-vnh3-bvyq-13d6

summary

Deserialization of Untrusted Data
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.`

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35490

reference_id

reference_type

scores

value	0.04249
scoring_system	epss
scoring_elements	0.88986
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35490

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d

reference_url

https://github.com/FasterXML/jackson-databind/issues/2986

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2986

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210122-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210122-0005

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909266
reference_id	1909266
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909266

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-35490

reference_id

CVE-2020-35490

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-35490

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

aliases CVE-2020-35490, GHSA-wh8g-3j2c-rqj5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vnh3-bvyq-13d6

url VCID-w5gg-jtut-qkcc

vulnerability_id VCID-w5gg-jtut-qkcc

summary

Deserialization of untrusted data in Jackson Databind
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14060.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14060.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14060

reference_id

reference_type

scores

value	0.08934
scoring_system	epss
scoring_elements	0.92736
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14060

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_url

https://github.com/FasterXML/jackson-databind/commit/ac7232e3f9004bdb4f11dcb5bc6c1fadf074f5f7

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/ac7232e3f9004bdb4f11dcb5bc6c1fadf074f5f7

reference_url

https://github.com/FasterXML/jackson-databind/commit/d1c67a0396e84c08d0558fbb843b5bd1f26e1921

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/d1c67a0396e84c08d0558fbb843b5bd1f26e1921

reference_url

https://github.com/FasterXML/jackson-databind/issues/2688

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2688

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html

reference_url

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200702-0003

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200702-0003

reference_url

https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1848960
reference_id	1848960
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1848960

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14060

reference_id

CVE-2020-14060

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14060

reference_url	https://github.com/advisories/GHSA-j823-4qch-3rgm
reference_id	GHSA-j823-4qch-3rgm
reference_type
scores
url	https://github.com/advisories/GHSA-j823-4qch-3rgm

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5

aliases CVE-2020-14060, GHSA-j823-4qch-3rgm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5gg-jtut-qkcc

url VCID-y3uj-myy6-kbha

vulnerability_id VCID-y3uj-myy6-kbha

summary

jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11620.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11620.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11620

reference_id

reference_type

scores

value	0.02182
scoring_system	epss
scoring_elements	0.84669
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11620

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_url

https://github.com/FasterXML/jackson-databind/commit/77040d85e3eb6710508e6445640ae1a3d5e60c22

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/77040d85e3eb6710508e6445640ae1a3d5e60c22

reference_url

https://github.com/FasterXML/jackson-databind/issues/2682

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2682

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200511-0004

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200511-0004

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1826798
reference_id	1826798
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1826798

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-11620

reference_id

CVE-2020-11620

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-11620

reference_url	https://github.com/advisories/GHSA-h4rc-386g-6m85
reference_id	GHSA-h4rc-386g-6m85
reference_type
scores
url	https://github.com/advisories/GHSA-h4rc-386g-6m85

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2320
reference_id	RHSA-2020:2320
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2320

reference_url	https://access.redhat.com/errata/RHSA-2020:2565
reference_id	RHSA-2020:2565
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2565

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2020:5625
reference_id	RHSA-2020:5625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5625

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-z9uf-p9w2-57fj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

aliases CVE-2020-11620, GHSA-h4rc-386g-6m85

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y3uj-myy6-kbha

url VCID-z9uf-p9w2-57fj

vulnerability_id VCID-z9uf-p9w2-57fj

summary

Deserialization of Untrusted Data
FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14061.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14061.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14061

reference_id

reference_type

scores

value	0.06308
scoring_system	epss
scoring_elements	0.91113
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14061

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/5c8642aeae9c756b438ab7637c90ef3c77966e6e

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/5c8642aeae9c756b438ab7637c90ef3c77966e6e

reference_url

https://github.com/FasterXML/jackson-databind/issues/2698

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2698

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200702-0003

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200702-0003

reference_url

https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1848966
reference_id	1848966
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1848966

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14061

reference_id

CVE-2020-14061

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14061

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5

aliases CVE-2020-14061, GHSA-c2q3-4qrh-fm48

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9uf-p9w2-57fj

url VCID-zbfc-s76k-gfgv

vulnerability_id VCID-zbfc-s76k-gfgv

summary

jackson-databind mishandles the interaction between serialization gadgets and typing
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10969.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10969.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10969

reference_id

reference_type

scores

value	0.01035
scoring_system	epss
scoring_elements	0.77726
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10969

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/6ba48457984943df0de92c54144f7dcae01b1221

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/6ba48457984943df0de92c54144f7dcae01b1221

reference_url

https://github.com/FasterXML/jackson-databind/issues/2642

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2642

reference_url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1819212
reference_id	1819212
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1819212

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10969

reference_id

CVE-2020-10969

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10969

reference_url	https://github.com/advisories/GHSA-758m-v56v-grj4
reference_id	GHSA-758m-v56v-grj4
reference_type
scores
url	https://github.com/advisories/GHSA-758m-v56v-grj4

reference_url	https://access.redhat.com/errata/RHSA-2020:1523
reference_id	RHSA-2020:1523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1523

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-z9uf-p9w2-57fj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

aliases CVE-2020-10969, GHSA-758m-v56v-grj4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbfc-s76k-gfgv

Fixing_vulnerabilities

url VCID-1uan-q6u8-affj

vulnerability_id VCID-1uan-q6u8-affj

summary

Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the `commons-dbcp` jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of `org.apache.commons.dbcp.datasources.SharedPoolDataSource` and `org.apache.commons.dbcp.datasources.PerUserPoolDataSource` mishandling.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:3901

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3901

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16942.json

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16942.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16942

reference_id

reference_type

scores

value	0.00426
scoring_system	epss
scoring_elements	0.62609
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16942

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b

reference_url

https://github.com/FasterXML/jackson-databind/commit/54aa38d87dcffa5ccc23e64922e9536c82c1b9c8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/54aa38d87dcffa5ccc23e64922e9536c82c1b9c8

reference_url

https://github.com/FasterXML/jackson-databind/commit/9593e16cf5a3d289a9c584f7123639655de9ddac

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/9593e16cf5a3d289a9c584f7123639655de9ddac

reference_url

https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f

reference_url

https://github.com/FasterXML/jackson-databind/issues/2478

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2478

reference_url

https://issues.apache.org/jira/browse/GEODE-7255

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/GEODE-7255

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191017-0006

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191017-0006

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1758187
reference_id	1758187
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1758187

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530
reference_id	941530
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16942

reference_id

CVE-2019-16942

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16942

reference_url	https://access.redhat.com/errata/RHSA-2020:0895
reference_id	RHSA-2020:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0895

reference_url	https://access.redhat.com/errata/RHSA-2020:0899
reference_id	RHSA-2020:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0899

reference_url	https://access.redhat.com/errata/RHSA-2020:0939
reference_id	RHSA-2020:0939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0939

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2321
reference_id	RHSA-2020:2321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2321

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1uan-q6u8-affj

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-7svn-u8ub-4faw

vulnerability	VCID-88hx-kauy-4fcy

vulnerability	VCID-8ec9-5qt4-duat

vulnerability	VCID-8htk-33f4-4ufg

vulnerability	VCID-auzw-j1fc-jff8

vulnerability	VCID-cnns-pjex-4ybt

vulnerability	VCID-ez2q-xgz1-rkab

vulnerability	VCID-kdkp-1ucy-w3g1

vulnerability	VCID-m3y5-xa6w-83b6

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-tfky-edec-13gw

vulnerability	VCID-ujnp-2f3v-s3h3

vulnerability	VCID-uzry-ts4t-fbc8

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-vqke-p81x-sffn

vulnerability	VCID-w7nq-y9sx-nfcc

vulnerability	VCID-zm3q-aquc-pqg7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1uan-q6u8-affj

vulnerability	VCID-39mg-y1k8-xbf9

vulnerability	VCID-88hx-kauy-4fcy

vulnerability	VCID-8htk-33f4-4ufg

vulnerability	VCID-auzw-j1fc-jff8

vulnerability	VCID-cnns-pjex-4ybt

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-t79w-jeyp-suaw

vulnerability	VCID-u37s-5nn4-wqbx

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-vqke-p81x-sffn

vulnerability	VCID-w7nq-y9sx-nfcc

vulnerability	VCID-wqg8-5kwe-vuem

vulnerability	VCID-zbfc-s76k-gfgv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-314g-t8xy-5khg

vulnerability	VCID-7svn-u8ub-4faw

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-c1uz-emh5-9fhe

vulnerability	VCID-crra-28kn-mqab

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-gxpn-pz3c-gugf

vulnerability	VCID-q6zd-khan-9yhj

vulnerability	VCID-q7ye-13eq-vuhy

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-rsg7-5tup-4bd1

vulnerability	VCID-ujnp-2f3v-s3h3

vulnerability	VCID-uzry-ts4t-fbc8

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-y3uj-myy6-kbha

vulnerability	VCID-z9uf-p9w2-57fj

vulnerability	VCID-zbfc-s76k-gfgv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

aliases CVE-2019-16942, GHSA-mx7p-6679-8g3q

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uan-q6u8-affj

url VCID-8htk-33f4-4ufg

vulnerability_id VCID-8htk-33f4-4ufg

summary

Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of `com.p6spy.engine.spy.P6DataSource` mishandling.

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16943.json

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16943.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16943

reference_id

reference_type

scores

value	0.01891
scoring_system	epss
scoring_elements	0.83533
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16943

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b

reference_url

https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f

reference_url

https://github.com/FasterXML/jackson-databind/issues/2478

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2478

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191017-0006

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191017-0006

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1758191
reference_id	1758191
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1758191

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530
reference_id	941530
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16943

reference_id

CVE-2019-16943

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16943

reference_url	https://access.redhat.com/errata/RHSA-2020:0895
reference_id	RHSA-2020:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0895

reference_url	https://access.redhat.com/errata/RHSA-2020:0899
reference_id	RHSA-2020:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0899

reference_url	https://access.redhat.com/errata/RHSA-2020:0939
reference_id	RHSA-2020:0939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0939

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2321
reference_id	RHSA-2020:2321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2321

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1uan-q6u8-affj

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-7svn-u8ub-4faw

vulnerability	VCID-88hx-kauy-4fcy

vulnerability	VCID-8ec9-5qt4-duat

vulnerability	VCID-8htk-33f4-4ufg

vulnerability	VCID-auzw-j1fc-jff8

vulnerability	VCID-cnns-pjex-4ybt

vulnerability	VCID-ez2q-xgz1-rkab

vulnerability	VCID-kdkp-1ucy-w3g1

vulnerability	VCID-m3y5-xa6w-83b6

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-tfky-edec-13gw

vulnerability	VCID-ujnp-2f3v-s3h3

vulnerability	VCID-uzry-ts4t-fbc8

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-vqke-p81x-sffn

vulnerability	VCID-w7nq-y9sx-nfcc

vulnerability	VCID-zm3q-aquc-pqg7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1uan-q6u8-affj

vulnerability	VCID-39mg-y1k8-xbf9

vulnerability	VCID-88hx-kauy-4fcy

vulnerability	VCID-8htk-33f4-4ufg

vulnerability	VCID-auzw-j1fc-jff8

vulnerability	VCID-cnns-pjex-4ybt

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-t79w-jeyp-suaw

vulnerability	VCID-u37s-5nn4-wqbx

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-vqke-p81x-sffn

vulnerability	VCID-w7nq-y9sx-nfcc

vulnerability	VCID-wqg8-5kwe-vuem

vulnerability	VCID-zbfc-s76k-gfgv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-314g-t8xy-5khg

vulnerability	VCID-7svn-u8ub-4faw

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-c1uz-emh5-9fhe

vulnerability	VCID-crra-28kn-mqab

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-gxpn-pz3c-gugf

vulnerability	VCID-q6zd-khan-9yhj

vulnerability	VCID-q7ye-13eq-vuhy

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-rsg7-5tup-4bd1

vulnerability	VCID-ujnp-2f3v-s3h3

vulnerability	VCID-uzry-ts4t-fbc8

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-y3uj-myy6-kbha

vulnerability	VCID-z9uf-p9w2-57fj

vulnerability	VCID-zbfc-s76k-gfgv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

aliases CVE-2019-16943, GHSA-fmmc-742q-jg75

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8htk-33f4-4ufg

url VCID-auzw-j1fc-jff8

vulnerability_id VCID-auzw-j1fc-jff8

summary

Improper Input Validation
A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the `apache-log4j-extra` in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17531.json

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17531.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17531

reference_id

reference_type

scores

value	0.01223
scoring_system	epss
scoring_elements	0.79444
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17531

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url