Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie

Type deb

Namespace debian

Name jackson-databind

Version 2.12.1-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.13.2.2-1

Latest_non_vulnerable_version 2.14.0+ds-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4an1-3hs5-3yd6

vulnerability_id VCID-4an1-3hs5-3yd6

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36183

reference_id

reference_type

scores

value	0.02061
scoring_system	epss
scoring_elements	0.8394
published_at	2026-04-21T12:55:00Z

value	0.02061
scoring_system	epss
scoring_elements	0.83939
published_at	2026-04-18T12:55:00Z

value	0.02061
scoring_system	epss
scoring_elements	0.8386
published_at	2026-04-02T12:55:00Z

value	0.02061
scoring_system	epss
scoring_elements	0.83846
published_at	2026-04-01T12:55:00Z

value	0.02061
scoring_system	epss
scoring_elements	0.83914
published_at	2026-04-13T12:55:00Z

value	0.02061
scoring_system	epss
scoring_elements	0.83918
published_at	2026-04-12T12:55:00Z

value	0.02061
scoring_system	epss
scoring_elements	0.83924
published_at	2026-04-11T12:55:00Z

value	0.02061
scoring_system	epss
scoring_elements	0.83907
published_at	2026-04-09T12:55:00Z

value	0.02061
scoring_system	epss
scoring_elements	0.83901
published_at	2026-04-08T12:55:00Z

value	0.02061
scoring_system	epss
scoring_elements	0.83877
published_at	2026-04-07T12:55:00Z

value	0.02061
scoring_system	epss
scoring_elements	0.83876
published_at	2026-04-04T12:55:00Z

value	0.02068
scoring_system	epss
scoring_elements	0.83988
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36183

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29

reference_url

https://github.com/FasterXML/jackson-databind/issues/3003

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/3003

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url	https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913927
reference_id	1913927
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913927

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36183

reference_id

CVE-2020-36183

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36183

reference_url

https://github.com/advisories/GHSA-9m6f-7xcq-8vf8

reference_id

GHSA-9m6f-7xcq-8vf8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9m6f-7xcq-8vf8

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-36183, GHSA-9m6f-7xcq-8vf8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4an1-3hs5-3yd6

url VCID-4vx2-s262-ckbp

vulnerability_id VCID-4vx2-s262-ckbp

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36188.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36188.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36188

reference_id

reference_type

scores

value	0.0944
scoring_system	epss
scoring_elements	0.92818
published_at	2026-04-21T12:55:00Z

value	0.0944
scoring_system	epss
scoring_elements	0.92814
published_at	2026-04-18T12:55:00Z

value	0.0944
scoring_system	epss
scoring_elements	0.92783
published_at	2026-04-02T12:55:00Z

value	0.0944
scoring_system	epss
scoring_elements	0.92777
published_at	2026-04-01T12:55:00Z

value	0.0944
scoring_system	epss
scoring_elements	0.92813
published_at	2026-04-16T12:55:00Z

value	0.0944
scoring_system	epss
scoring_elements	0.92802
published_at	2026-04-12T12:55:00Z

value	0.0944
scoring_system	epss
scoring_elements	0.92803
published_at	2026-04-13T12:55:00Z

value	0.0944
scoring_system	epss
scoring_elements	0.92799
published_at	2026-04-09T12:55:00Z

value	0.0944
scoring_system	epss
scoring_elements	0.92795
published_at	2026-04-08T12:55:00Z

value	0.0944
scoring_system	epss
scoring_elements	0.92785
published_at	2026-04-07T12:55:00Z

value	0.0944
scoring_system	epss
scoring_elements	0.92788
published_at	2026-04-04T12:55:00Z

value	0.09471
scoring_system	epss
scoring_elements	0.92842
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36188

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36188
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36188

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4

reference_url

https://github.com/FasterXML/jackson-databind/issues/2996

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2996

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url	https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913934
reference_id	1913934
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913934

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36188

reference_id

CVE-2020-36188

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36188

reference_url

https://github.com/advisories/GHSA-f9xh-2qgp-cq57

reference_id

GHSA-f9xh-2qgp-cq57

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f9xh-2qgp-cq57

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-36188, GHSA-f9xh-2qgp-cq57

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4vx2-s262-ckbp

url VCID-5te6-415m-c7df

vulnerability_id VCID-5te6-415m-c7df

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24750.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24750.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-24750

reference_id

reference_type

scores

value	0.01997
scoring_system	epss
scoring_elements	0.83705
published_at	2026-04-24T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.83681
published_at	2026-04-21T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.8368
published_at	2026-04-16T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.8358
published_at	2026-04-01T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.83645
published_at	2026-04-13T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.8365
published_at	2026-04-12T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.83657
published_at	2026-04-11T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.8364
published_at	2026-04-09T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.83632
published_at	2026-04-08T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.83608
published_at	2026-04-07T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.83606
published_at	2026-04-04T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.83592
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-24750

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb

reference_url

https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f

reference_url

https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b

reference_url

https://github.com/FasterXML/jackson-databind/issues/2798

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2798

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20201009-0003

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20201009-0003

reference_url	https://security.netapp.com/advisory/ntap-20201009-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20201009-0003/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1882310
reference_id	1882310
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1882310

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-24750

reference_id

CVE-2020-24750

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-24750

reference_url

https://github.com/advisories/GHSA-qjw2-hr98-qgfh

reference_id

GHSA-qjw2-hr98-qgfh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qjw2-hr98-qgfh

reference_url	https://access.redhat.com/errata/RHSA-2020:4173
reference_id	RHSA-2020:4173
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4173

reference_url	https://access.redhat.com/errata/RHSA-2020:5635
reference_id	RHSA-2020:5635
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5635

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-24750, GHSA-qjw2-hr98-qgfh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5te6-415m-c7df

url VCID-7qga-wsz6-kqcn

vulnerability_id VCID-7qga-wsz6-kqcn

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36182.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36182.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36182

reference_id

reference_type

scores

value	0.02715
scoring_system	epss
scoring_elements	0.85936
published_at	2026-04-21T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85945
published_at	2026-04-18T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85941
published_at	2026-04-16T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85855
published_at	2026-04-01T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85922
published_at	2026-04-13T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85928
published_at	2026-04-12T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85931
published_at	2026-04-11T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85916
published_at	2026-04-09T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85906
published_at	2026-04-08T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85888
published_at	2026-04-07T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85884
published_at	2026-04-04T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85867
published_at	2026-04-02T12:55:00Z

value	0.02725
scoring_system	epss
scoring_elements	0.85975
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36182

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36182
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36182

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b

reference_url

https://github.com/FasterXML/jackson-databind/issues/3004

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/

url

https://github.com/FasterXML/jackson-databind/issues/3004

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/

url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913926
reference_id	1913926
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913926

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36182

reference_id

CVE-2020-36182

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36182

reference_url

https://github.com/advisories/GHSA-89qr-369f-5m5x

reference_id

GHSA-89qr-369f-5m5x

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-89qr-369f-5m5x

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-36182, GHSA-89qr-369f-5m5x

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qga-wsz6-kqcn

url VCID-8ns6-kacn-dkeg

vulnerability_id VCID-8ns6-kacn-dkeg

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36189.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36189.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36189

reference_id

reference_type

scores

value	0.03941
scoring_system	epss
scoring_elements	0.88352
published_at	2026-04-18T12:55:00Z

value	0.03941
scoring_system	epss
scoring_elements	0.88356
published_at	2026-04-16T12:55:00Z

value	0.03941
scoring_system	epss
scoring_elements	0.88297
published_at	2026-04-02T12:55:00Z

value	0.03941
scoring_system	epss
scoring_elements	0.88289
published_at	2026-04-01T12:55:00Z

value	0.03941
scoring_system	epss
scoring_elements	0.88343
published_at	2026-04-13T12:55:00Z

value	0.03941
scoring_system	epss
scoring_elements	0.88351
published_at	2026-04-21T12:55:00Z

value	0.03941
scoring_system	epss
scoring_elements	0.88341
published_at	2026-04-09T12:55:00Z

value	0.03941
scoring_system	epss
scoring_elements	0.88335
published_at	2026-04-08T12:55:00Z

value	0.03941
scoring_system	epss
scoring_elements	0.88315
published_at	2026-04-07T12:55:00Z

value	0.03941
scoring_system	epss
scoring_elements	0.88311
published_at	2026-04-04T12:55:00Z

value	0.03985
scoring_system	epss
scoring_elements	0.88432
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36189

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36189
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36189

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4

reference_url

https://github.com/FasterXML/jackson-databind/issues/2996

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2996

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url	https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913937
reference_id	1913937
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913937

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36189

reference_id

CVE-2020-36189

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36189

reference_url

https://github.com/advisories/GHSA-vfqx-33qm-g869

reference_id

GHSA-vfqx-33qm-g869

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vfqx-33qm-g869

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-36189, GHSA-vfqx-33qm-g869

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ns6-kacn-dkeg

url VCID-cytp-mr4h-g3ds

vulnerability_id VCID-cytp-mr4h-g3ds

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36184

reference_id

reference_type

scores

value	0.0691
scoring_system	epss
scoring_elements	0.91421
published_at	2026-04-21T12:55:00Z

value	0.0691
scoring_system	epss
scoring_elements	0.91419
published_at	2026-04-18T12:55:00Z

value	0.0691
scoring_system	epss
scoring_elements	0.91423
published_at	2026-04-16T12:55:00Z

value	0.0691
scoring_system	epss
scoring_elements	0.91354
published_at	2026-04-02T12:55:00Z

value	0.0691
scoring_system	epss
scoring_elements	0.91398
published_at	2026-04-13T12:55:00Z

value	0.0691
scoring_system	epss
scoring_elements	0.91399
published_at	2026-04-12T12:55:00Z

value	0.0691
scoring_system	epss
scoring_elements	0.91364
published_at	2026-04-04T12:55:00Z

value	0.0691
scoring_system	epss
scoring_elements	0.91348
published_at	2026-04-01T12:55:00Z

value	0.0691
scoring_system	epss
scoring_elements	0.91396
published_at	2026-04-11T12:55:00Z

value	0.0691
scoring_system	epss
scoring_elements	0.9139
published_at	2026-04-09T12:55:00Z

value	0.0691
scoring_system	epss
scoring_elements	0.91383
published_at	2026-04-08T12:55:00Z

value	0.0691
scoring_system	epss
scoring_elements	0.91371
published_at	2026-04-07T12:55:00Z

value	0.06933
scoring_system	epss
scoring_elements	0.91448
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36184

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a

reference_url

https://github.com/FasterXML/jackson-databind/issues/2998

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://github.com/FasterXML/jackson-databind/issues/2998

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913928
reference_id	1913928
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913928

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36184

reference_id

CVE-2020-36184

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36184

reference_url

https://github.com/advisories/GHSA-m6x4-97wx-4q27

reference_id

GHSA-m6x4-97wx-4q27

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m6x4-97wx-4q27

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-36184, GHSA-m6x4-97wx-4q27

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cytp-mr4h-g3ds

url VCID-ec58-s3nd-7yaz

vulnerability_id VCID-ec58-s3nd-7yaz

summary

Deserialization of untrusted data in jackson-databind
A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20190.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20190.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20190

reference_id

reference_type

scores

value	0.00502
scoring_system	epss
scoring_elements	0.65976
published_at	2026-04-01T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66018
published_at	2026-04-02T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66109
published_at	2026-04-24T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66014
published_at	2026-04-07T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66094
published_at	2026-04-11T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66075
published_at	2026-04-09T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66063
published_at	2026-04-08T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66047
published_at	2026-04-04T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66101
published_at	2026-04-18T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66087
published_at	2026-04-16T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66052
published_at	2026-04-13T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66082
published_at	2026-04-12T12:55:00Z

value	0.00633
scoring_system	epss
scoring_elements	0.70382
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20190

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1916633

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1916633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20190
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20190

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88

reference_url

https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a

reference_url

https://github.com/FasterXML/jackson-databind/issues/2854

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/

url

https://github.com/FasterXML/jackson-databind/issues/2854

reference_url

https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20190

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20190

reference_url

https://security.netapp.com/advisory/ntap-20210219-0008

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210219-0008

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://github.com/advisories/GHSA-5949-rw7g-wx7w

reference_id

GHSA-5949-rw7g-wx7w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5949-rw7g-wx7w

reference_url

https://security.netapp.com/advisory/ntap-20210219-0008/

reference_id

ntap-20210219-0008

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:35:59Z/

url

https://security.netapp.com/advisory/ntap-20210219-0008/

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2021-20190, GHSA-5949-rw7g-wx7w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ec58-s3nd-7yaz

url VCID-gtzx-y5f1-vye3

vulnerability_id VCID-gtzx-y5f1-vye3

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36181.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36181.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36181

reference_id

reference_type

scores

value	0.05412
scoring_system	epss
scoring_elements	0.90156
published_at	2026-04-21T12:55:00Z

value	0.05412
scoring_system	epss
scoring_elements	0.9016
published_at	2026-04-18T12:55:00Z

value	0.05412
scoring_system	epss
scoring_elements	0.90143
published_at	2026-04-13T12:55:00Z

value	0.05412
scoring_system	epss
scoring_elements	0.90103
published_at	2026-04-02T12:55:00Z

value	0.05412
scoring_system	epss
scoring_elements	0.90119
published_at	2026-04-07T12:55:00Z

value	0.05412
scoring_system	epss
scoring_elements	0.90115
published_at	2026-04-04T12:55:00Z

value	0.05412
scoring_system	epss
scoring_elements	0.901
published_at	2026-04-01T12:55:00Z

value	0.05412
scoring_system	epss
scoring_elements	0.90148
published_at	2026-04-12T12:55:00Z

value	0.05412
scoring_system	epss
scoring_elements	0.90149
published_at	2026-04-11T12:55:00Z

value	0.05412
scoring_system	epss
scoring_elements	0.90141
published_at	2026-04-09T12:55:00Z

value	0.05412
scoring_system	epss
scoring_elements	0.90134
published_at	2026-04-08T12:55:00Z

value	0.0543
scoring_system	epss
scoring_elements	0.90197
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36181

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36181
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36181

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b

reference_url

https://github.com/FasterXML/jackson-databind/issues/3004

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/

url

https://github.com/FasterXML/jackson-databind/issues/3004

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/

url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913874
reference_id	1913874
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913874

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36181

reference_id

CVE-2020-36181

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36181

reference_url

https://github.com/advisories/GHSA-cvm9-fjm9-3572

reference_id

GHSA-cvm9-fjm9-3572

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cvm9-fjm9-3572

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-36181, GHSA-cvm9-fjm9-3572

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gtzx-y5f1-vye3

url VCID-hwnx-vf4v-f3db

vulnerability_id VCID-hwnx-vf4v-f3db

summary

Code Injection in jackson-databind
This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24616.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24616.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-24616

reference_id

reference_type

scores

value	0.02676
scoring_system	epss
scoring_elements	0.8587
published_at	2026-04-24T12:55:00Z

value	0.02676
scoring_system	epss
scoring_elements	0.85853
published_at	2026-04-18T12:55:00Z

value	0.02676
scoring_system	epss
scoring_elements	0.85848
published_at	2026-04-21T12:55:00Z

value	0.02676
scoring_system	epss
scoring_elements	0.85829
published_at	2026-04-13T12:55:00Z

value	0.02676
scoring_system	epss
scoring_elements	0.85833
published_at	2026-04-12T12:55:00Z

value	0.02676
scoring_system	epss
scoring_elements	0.85837
published_at	2026-04-11T12:55:00Z

value	0.02676
scoring_system	epss
scoring_elements	0.85768
published_at	2026-04-02T12:55:00Z

value	0.02676
scoring_system	epss
scoring_elements	0.85756
published_at	2026-04-01T12:55:00Z

value	0.02676
scoring_system	epss
scoring_elements	0.85822
published_at	2026-04-09T12:55:00Z

value	0.02676
scoring_system	epss
scoring_elements	0.85811
published_at	2026-04-08T12:55:00Z

value	0.02676
scoring_system	epss
scoring_elements	0.85792
published_at	2026-04-07T12:55:00Z

value	0.02676
scoring_system	epss
scoring_elements	0.85787
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-24616

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7

reference_url

https://github.com/FasterXML/jackson-databind/issues/2814

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2814

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200904-0006

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200904-0006

reference_url	https://security.netapp.com/advisory/ntap-20200904-0006/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200904-0006/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1872707
reference_id	1872707
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1872707

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-24616

reference_id

CVE-2020-24616

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-24616

reference_url

https://github.com/advisories/GHSA-h3cw-g4mq-c5x2

reference_id

GHSA-h3cw-g4mq-c5x2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h3cw-g4mq-c5x2

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-24616, GHSA-h3cw-g4mq-c5x2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwnx-vf4v-f3db

url VCID-jcgb-bewy-4kff

vulnerability_id VCID-jcgb-bewy-4kff

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36185

reference_id

reference_type

scores

value	0.02715
scoring_system	epss
scoring_elements	0.85936
published_at	2026-04-21T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85945
published_at	2026-04-18T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85884
published_at	2026-04-04T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85941
published_at	2026-04-16T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85922
published_at	2026-04-13T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85928
published_at	2026-04-12T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85931
published_at	2026-04-11T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85916
published_at	2026-04-09T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85906
published_at	2026-04-08T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85888
published_at	2026-04-07T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85867
published_at	2026-04-02T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85855
published_at	2026-04-01T12:55:00Z

value	0.02725
scoring_system	epss
scoring_elements	0.85975
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36185

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a

reference_url

https://github.com/FasterXML/jackson-databind/issues/2998

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2998

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url	https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913929
reference_id	1913929
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913929

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36185

reference_id

CVE-2020-36185

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36185

reference_url

https://github.com/advisories/GHSA-8w26-6f25-cm9x

reference_id

GHSA-8w26-6f25-cm9x

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8w26-6f25-cm9x

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-36185, GHSA-8w26-6f25-cm9x

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcgb-bewy-4kff

url VCID-swqd-uk56-wkat

vulnerability_id VCID-swqd-uk56-wkat

summary

Serialization gadgets exploit in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35491

reference_id

reference_type

scores

value	0.05713
scoring_system	epss
scoring_elements	0.90453
published_at	2026-04-24T12:55:00Z

value	0.05713
scoring_system	epss
scoring_elements	0.90439
published_at	2026-04-21T12:55:00Z

value	0.05713
scoring_system	epss
scoring_elements	0.90441
published_at	2026-04-18T12:55:00Z

value	0.05713
scoring_system	epss
scoring_elements	0.90426
published_at	2026-04-13T12:55:00Z

value	0.05713
scoring_system	epss
scoring_elements	0.90433
published_at	2026-04-12T12:55:00Z

value	0.05713
scoring_system	epss
scoring_elements	0.90425
published_at	2026-04-09T12:55:00Z

value	0.05713
scoring_system	epss
scoring_elements	0.90419
published_at	2026-04-08T12:55:00Z

value	0.05713
scoring_system	epss
scoring_elements	0.90405
published_at	2026-04-07T12:55:00Z

value	0.05713
scoring_system	epss
scoring_elements	0.90401
published_at	2026-04-04T12:55:00Z

value	0.05713
scoring_system	epss
scoring_elements	0.90386
published_at	2026-04-01T12:55:00Z

value	0.05713
scoring_system	epss
scoring_elements	0.90388
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35491

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d

reference_url

https://github.com/FasterXML/jackson-databind/issues/2986

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2986

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-35491

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-35491

reference_url

https://security.netapp.com/advisory/ntap-20210122-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210122-0005

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909269
reference_id	1909269
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909269

reference_url

https://github.com/advisories/GHSA-r3gr-cxrf-hg25

reference_id

GHSA-r3gr-cxrf-hg25

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r3gr-cxrf-hg25

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-35491, GHSA-r3gr-cxrf-hg25

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swqd-uk56-wkat

url VCID-u87p-2xgz-e3fj

vulnerability_id VCID-u87p-2xgz-e3fj

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36187

reference_id

reference_type

scores

value	0.02147
scoring_system	epss
scoring_elements	0.84257
published_at	2026-04-21T12:55:00Z

value	0.02147
scoring_system	epss
scoring_elements	0.84252
published_at	2026-04-18T12:55:00Z

value	0.02147
scoring_system	epss
scoring_elements	0.8416
published_at	2026-04-01T12:55:00Z

value	0.02147
scoring_system	epss
scoring_elements	0.84238
published_at	2026-04-11T12:55:00Z

value	0.02147
scoring_system	epss
scoring_elements	0.8422
published_at	2026-04-09T12:55:00Z

value	0.02147
scoring_system	epss
scoring_elements	0.84214
published_at	2026-04-08T12:55:00Z

value	0.02147
scoring_system	epss
scoring_elements	0.84192
published_at	2026-04-07T12:55:00Z

value	0.02147
scoring_system	epss
scoring_elements	0.84191
published_at	2026-04-04T12:55:00Z

value	0.02147
scoring_system	epss
scoring_elements	0.84173
published_at	2026-04-02T12:55:00Z

value	0.02147
scoring_system	epss
scoring_elements	0.84251
published_at	2026-04-16T12:55:00Z

value	0.02147
scoring_system	epss
scoring_elements	0.84229
published_at	2026-04-13T12:55:00Z

value	0.02147
scoring_system	epss
scoring_elements	0.84232
published_at	2026-04-12T12:55:00Z

value	0.02155
scoring_system	epss
scoring_elements	0.84317
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36187

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1

reference_url

https://github.com/FasterXML/jackson-databind/issues/2997

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2997

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36187

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36187

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url	https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913933
reference_id	1913933
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913933

reference_url

https://github.com/advisories/GHSA-r695-7vr9-jgc2

reference_id

GHSA-r695-7vr9-jgc2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r695-7vr9-jgc2

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-36187, GHSA-r695-7vr9-jgc2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u87p-2xgz-e3fj

url VCID-uhnv-3cny-qkgx

vulnerability_id VCID-uhnv-3cny-qkgx

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36179.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36179.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36179

reference_id

reference_type

scores

value	0.60256
scoring_system	epss
scoring_elements	0.98285
published_at	2026-04-24T12:55:00Z

value	0.60256
scoring_system	epss
scoring_elements	0.98283
published_at	2026-04-21T12:55:00Z

value	0.60256
scoring_system	epss
scoring_elements	0.98277
published_at	2026-04-13T12:55:00Z

value	0.60256
scoring_system	epss
scoring_elements	0.98276
published_at	2026-04-11T12:55:00Z

value	0.60256
scoring_system	epss
scoring_elements	0.98273
published_at	2026-04-09T12:55:00Z

value	0.60256
scoring_system	epss
scoring_elements	0.98272
published_at	2026-04-08T12:55:00Z

value	0.60256
scoring_system	epss
scoring_elements	0.98267
published_at	2026-04-07T12:55:00Z

value	0.60256
scoring_system	epss
scoring_elements	0.98264
published_at	2026-04-02T12:55:00Z

value	0.60256
scoring_system	epss
scoring_elements	0.98261
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36179

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36179
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36179

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b

reference_url

https://github.com/FasterXML/jackson-databind/issues/3004

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://github.com/FasterXML/jackson-databind/issues/3004

reference_url

https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913871
reference_id	1913871
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913871

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36179

reference_id

CVE-2020-36179

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36179

reference_url

https://github.com/advisories/GHSA-9gph-22xh-8x98

reference_id

GHSA-9gph-22xh-8x98

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9gph-22xh-8x98

reference_url

https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E

reference_id

rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-36179, GHSA-9gph-22xh-8x98

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uhnv-3cny-qkgx

url VCID-ukwd-7rkh-sfhj

vulnerability_id VCID-ukwd-7rkh-sfhj

summary

Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35728

reference_id

reference_type

scores

value	0.39669
scoring_system	epss
scoring_elements	0.973
published_at	2026-04-04T12:55:00Z

value	0.39669
scoring_system	epss
scoring_elements	0.97296
published_at	2026-04-02T12:55:00Z

value	0.40254
scoring_system	epss
scoring_elements	0.97322
published_at	2026-04-01T12:55:00Z

value	0.40547
scoring_system	epss
scoring_elements	0.97356
published_at	2026-04-13T12:55:00Z

value	0.40547
scoring_system	epss
scoring_elements	0.97355
published_at	2026-04-12T12:55:00Z

value	0.40547
scoring_system	epss
scoring_elements	0.97351
published_at	2026-04-08T12:55:00Z

value	0.40547
scoring_system	epss
scoring_elements	0.97345
published_at	2026-04-07T12:55:00Z

value	0.40547
scoring_system	epss
scoring_elements	0.97352
published_at	2026-04-09T12:55:00Z

value	0.40547
scoring_system	epss
scoring_elements	0.97369
published_at	2026-04-24T12:55:00Z

value	0.40547
scoring_system	epss
scoring_elements	0.97367
published_at	2026-04-18T12:55:00Z

value	0.40547
scoring_system	epss
scoring_elements	0.97365
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35728

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84

reference_url

https://github.com/FasterXML/jackson-databind/issues/2999

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://github.com/FasterXML/jackson-databind/issues/2999

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20210129-0007

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210129-0007

reference_url

https://security.netapp.com/advisory/ntap-20210129-0007/

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://security.netapp.com/advisory/ntap-20210129-0007/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1911502
reference_id	1911502
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1911502

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-35728

reference_id

CVE-2020-35728

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-35728

reference_url

https://github.com/advisories/GHSA-5r5r-6hpj-8gg9

reference_id

GHSA-5r5r-6hpj-8gg9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5r5r-6hpj-8gg9

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-35728, GHSA-5r5r-6hpj-8gg9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ukwd-7rkh-sfhj

url VCID-wds4-urpb-euby

vulnerability_id VCID-wds4-urpb-euby

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36186

reference_id

reference_type

scores

value	0.02413
scoring_system	epss
scoring_elements	0.85129
published_at	2026-04-18T12:55:00Z

value	0.02413
scoring_system	epss
scoring_elements	0.85126
published_at	2026-04-21T12:55:00Z

value	0.02413
scoring_system	epss
scoring_elements	0.85044
published_at	2026-04-02T12:55:00Z

value	0.02413
scoring_system	epss
scoring_elements	0.85031
published_at	2026-04-01T12:55:00Z

value	0.02413
scoring_system	epss
scoring_elements	0.85105
published_at	2026-04-13T12:55:00Z

value	0.02413
scoring_system	epss
scoring_elements	0.85108
published_at	2026-04-12T12:55:00Z

value	0.02413
scoring_system	epss
scoring_elements	0.8511
published_at	2026-04-11T12:55:00Z

value	0.02413
scoring_system	epss
scoring_elements	0.85094
published_at	2026-04-09T12:55:00Z

value	0.02413
scoring_system	epss
scoring_elements	0.85087
published_at	2026-04-08T12:55:00Z

value	0.02413
scoring_system	epss
scoring_elements	0.85065
published_at	2026-04-07T12:55:00Z

value	0.02413
scoring_system	epss
scoring_elements	0.85061
published_at	2026-04-04T12:55:00Z

value	0.02422
scoring_system	epss
scoring_elements	0.85177
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36186

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1

reference_url

https://github.com/FasterXML/jackson-databind/issues/2997

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2997

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url	https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913931
reference_id	1913931
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913931

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36186

reference_id

CVE-2020-36186

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36186

reference_url

https://github.com/advisories/GHSA-v585-23hc-c647

reference_id

GHSA-v585-23hc-c647

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v585-23hc-c647

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-36186, GHSA-v585-23hc-c647

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wds4-urpb-euby

url VCID-yp37-9z2d-akaj

vulnerability_id VCID-yp37-9z2d-akaj

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36180.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36180.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36180

reference_id

reference_type

scores

value	0.02715
scoring_system	epss
scoring_elements	0.85855
published_at	2026-04-01T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85884
published_at	2026-04-04T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85867
published_at	2026-04-02T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85945
published_at	2026-04-18T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85941
published_at	2026-04-16T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85922
published_at	2026-04-13T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85928
published_at	2026-04-12T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85931
published_at	2026-04-11T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85916
published_at	2026-04-09T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85906
published_at	2026-04-08T12:55:00Z

value	0.02715
scoring_system	epss
scoring_elements	0.85888
published_at	2026-04-07T12:55:00Z

value	0.02725
scoring_system	epss
scoring_elements	0.85975
published_at	2026-04-24T12:55:00Z

value	0.0295
scoring_system	epss
scoring_elements	0.86474
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36180

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36180
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36180

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b

reference_url

https://github.com/FasterXML/jackson-databind/issues/3004

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/

url

https://github.com/FasterXML/jackson-databind/issues/3004

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/

url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913872
reference_id	1913872
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913872

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36180

reference_id

CVE-2020-36180

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36180

reference_url

https://github.com/advisories/GHSA-8c4j-34r4-xr8g

reference_id

GHSA-8c4j-34r4-xr8g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8c4j-34r4-xr8g

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-36180, GHSA-8c4j-34r4-xr8g

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yp37-9z2d-akaj

url VCID-ypbt-p34k-hfbc

vulnerability_id VCID-ypbt-p34k-hfbc

summary

Serialization gadgets exploit in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35490

reference_id

reference_type

scores

value	0.03916
scoring_system	epss
scoring_elements	0.88331
published_at	2026-04-24T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88313
published_at	2026-04-21T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88314
published_at	2026-04-18T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88317
published_at	2026-04-16T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88303
published_at	2026-04-13T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88311
published_at	2026-04-11T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88301
published_at	2026-04-09T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88295
published_at	2026-04-08T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88275
published_at	2026-04-07T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.8827
published_at	2026-04-04T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88247
published_at	2026-04-01T12:55:00Z

value	0.03916
scoring_system	epss
scoring_elements	0.88254
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35490

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d

reference_url

https://github.com/FasterXML/jackson-databind/issues/2986

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2986

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-35490

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-35490

reference_url

https://security.netapp.com/advisory/ntap-20210122-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210122-0005

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909266
reference_id	1909266
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909266

reference_url

https://github.com/advisories/GHSA-wh8g-3j2c-rqj5

reference_id

GHSA-wh8g-3j2c-rqj5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wh8g-3j2c-rqj5

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cup-9gdn-yyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

aliases CVE-2020-35490, GHSA-wh8g-3j2c-rqj5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypbt-p34k-hfbc

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

Package Instance