Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-r92s-4m4x-dqc7
Summary
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
Aliases
0
alias CVE-2020-36183
1
alias GHSA-9m6f-7xcq-8vf8
Fixed_packages
0
url pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie
1
url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2841-dnfz-2qgm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie
3
url pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie
4
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-88hx-kauy-4fcy
2
vulnerability VCID-8ec9-5qt4-duat
3
vulnerability VCID-8htk-33f4-4ufg
4
vulnerability VCID-auzw-j1fc-jff8
5
vulnerability VCID-cnns-pjex-4ybt
6
vulnerability VCID-ez2q-xgz1-rkab
7
vulnerability VCID-kdkp-1ucy-w3g1
8
vulnerability VCID-m3y5-xa6w-83b6
9
vulnerability VCID-qx3m-tcqj-ukc2
10
vulnerability VCID-tfky-edec-13gw
11
vulnerability VCID-uzry-ts4t-fbc8
12
vulnerability VCID-vnh3-bvyq-13d6
13
vulnerability VCID-vqke-p81x-sffn
14
vulnerability VCID-w7nq-y9sx-nfcc
15
vulnerability VCID-zm3q-aquc-pqg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
5
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
Affected_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.0.0
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uan-q6u8-affj
1
vulnerability VCID-4mtm-6bjh-7ka1
2
vulnerability VCID-5887-pcyq-nkht
3
vulnerability VCID-58n5-hqdf-xff2
4
vulnerability VCID-62jb-3d7y-y7ae
5
vulnerability VCID-7pd3-dre3-wug9
6
vulnerability VCID-7svn-u8ub-4faw
7
vulnerability VCID-88hx-kauy-4fcy
8
vulnerability VCID-8ec9-5qt4-duat
9
vulnerability VCID-8htk-33f4-4ufg
10
vulnerability VCID-8kwc-sxvr-skgp
11
vulnerability VCID-auzw-j1fc-jff8
12
vulnerability VCID-cnns-pjex-4ybt
13
vulnerability VCID-d6ez-jva8-hyag
14
vulnerability VCID-ez2q-xgz1-rkab
15
vulnerability VCID-fjz8-msfe-27hv
16
vulnerability VCID-fkct-tzwg-mkh8
17
vulnerability VCID-fqzk-v2gt-s7am
18
vulnerability VCID-h324-unyb-sbac
19
vulnerability VCID-jrfy-e6wv-1kbc
20
vulnerability VCID-kdkp-1ucy-w3g1
21
vulnerability VCID-m3y5-xa6w-83b6
22
vulnerability VCID-nz1v-4hgs-6yge
23
vulnerability VCID-p52x-ese3-qkha
24
vulnerability VCID-qx3m-tcqj-ukc2
25
vulnerability VCID-r92s-4m4x-dqc7
26
vulnerability VCID-rfqz-nf3z-v3a3
27
vulnerability VCID-rg7k-kaxv-2ubx
28
vulnerability VCID-t4kd-zjrn-kueu
29
vulnerability VCID-t79w-jeyp-suaw
30
vulnerability VCID-tfky-edec-13gw
31
vulnerability VCID-ujnp-2f3v-s3h3
32
vulnerability VCID-uzry-ts4t-fbc8
33
vulnerability VCID-vnh3-bvyq-13d6
34
vulnerability VCID-vqke-p81x-sffn
35
vulnerability VCID-w7nq-y9sx-nfcc
36
vulnerability VCID-wqg8-5kwe-vuem
37
vulnerability VCID-xqz3-k7ts-juck
38
vulnerability VCID-zm3q-aquc-pqg7
39
vulnerability VCID-zvn3-zvr5-buhg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.0.0
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.00
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.00
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r92s-4m4x-dqc7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.00
2
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.0
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18u1-9nc1-2feh
1
vulnerability VCID-1uan-q6u8-affj
2
vulnerability VCID-2uzw-pn14-p7a1
3
vulnerability VCID-39mg-y1k8-xbf9
4
vulnerability VCID-4r6g-jwvd-1ke5
5
vulnerability VCID-4x8s-rj62-tqca
6
vulnerability VCID-62jb-3d7y-y7ae
7
vulnerability VCID-7pd3-dre3-wug9
8
vulnerability VCID-7svn-u8ub-4faw
9
vulnerability VCID-88hx-kauy-4fcy
10
vulnerability VCID-8ec9-5qt4-duat
11
vulnerability VCID-8htk-33f4-4ufg
12
vulnerability VCID-8mns-fyju-dqdr
13
vulnerability VCID-auzw-j1fc-jff8
14
vulnerability VCID-cnns-pjex-4ybt
15
vulnerability VCID-d6ez-jva8-hyag
16
vulnerability VCID-ez2q-xgz1-rkab
17
vulnerability VCID-fjz8-msfe-27hv
18
vulnerability VCID-fqzk-v2gt-s7am
19
vulnerability VCID-h324-unyb-sbac
20
vulnerability VCID-j1pk-ygx5-5bfd
21
vulnerability VCID-jrfy-e6wv-1kbc
22
vulnerability VCID-kdkp-1ucy-w3g1
23
vulnerability VCID-m3y5-xa6w-83b6
24
vulnerability VCID-p52x-ese3-qkha
25
vulnerability VCID-qx3m-tcqj-ukc2
26
vulnerability VCID-r92s-4m4x-dqc7
27
vulnerability VCID-rfqz-nf3z-v3a3
28
vulnerability VCID-rg7k-kaxv-2ubx
29
vulnerability VCID-s61k-e43h-13b5
30
vulnerability VCID-t4kd-zjrn-kueu
31
vulnerability VCID-t79w-jeyp-suaw
32
vulnerability VCID-tfky-edec-13gw
33
vulnerability VCID-u37s-5nn4-wqbx
34
vulnerability VCID-ujnp-2f3v-s3h3
35
vulnerability VCID-uzry-ts4t-fbc8
36
vulnerability VCID-vnh3-bvyq-13d6
37
vulnerability VCID-vqke-p81x-sffn
38
vulnerability VCID-w7nq-y9sx-nfcc
39
vulnerability VCID-wqg8-5kwe-vuem
40
vulnerability VCID-zbfc-s76k-gfgv
41
vulnerability VCID-zm3q-aquc-pqg7
42
vulnerability VCID-zvn3-zvr5-buhg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.0
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36183
reference_id
reference_type
scores
0
value 0.02241
scoring_system epss
scoring_elements 0.8489
published_at 2026-06-05T12:55:00Z
1
value 0.02241
scoring_system epss
scoring_elements 0.84867
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36183
2
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183
4
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind
5
reference_url https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29
6
reference_url https://github.com/FasterXML/jackson-databind/issues/3003
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FasterXML/jackson-databind/issues/3003
7
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
8
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210205-0005
9
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
10
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
12
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
13
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1913927
reference_id 1913927
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1913927
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36183
reference_id CVE-2020-36183
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36183
17
reference_url https://github.com/advisories/GHSA-9m6f-7xcq-8vf8
reference_id GHSA-9m6f-7xcq-8vf8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9m6f-7xcq-8vf8
18
reference_url https://access.redhat.com/errata/RHSA-2021:1230
reference_id RHSA-2021:1230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1230
19
reference_url https://access.redhat.com/errata/RHSA-2021:1515
reference_id RHSA-2021:1515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1515
Weaknesses
0
cwe_id 502
name Deserialization of Untrusted Data
description The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-r92s-4m4x-dqc7