VulnerableCode Package Details - pkg:deb/debian/jackson-databind@2.10.0-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-bypv-wfhs-sbe4	Polymorphic Typing issue in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to `com.zaxxer.hikari.HikariConfig`.	CVE-2019-14540 GHSA-h822-r4r5-v8jg
VCID-jx9y-fyfm-bqdr	Polymorphic Typing issue in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.	CVE-2019-16335 GHSA-85cw-hj65-qqv9
VCID-svkb-adja-qfef	Improper Input Validation in jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10 and 2.8.11.5. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.	CVE-2019-17267 GHSA-f3j5-rmmp-3fc5
VCID-tm7y-tnx3-43dq	Polymorphic deserialization of malicious object in jackson-databind A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.	CVE-2019-14893 GHSA-qmqc-x3r4-6v39
VCID-x8c2-2u1w-yyfn	Polymorphic deserialization of malicious object in jackson-databind A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5, and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.	CVE-2019-14892 GHSA-cf6r-3wgc-h863

Vulnerability

Summary

Aliases

VCID-bypv-wfhs-sbe4

Polymorphic Typing issue in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to `com.zaxxer.hikari.HikariConfig`.

CVE-2019-14540
GHSA-h822-r4r5-v8jg

VCID-jx9y-fyfm-bqdr

CVE-2019-16335
GHSA-85cw-hj65-qqv9

VCID-svkb-adja-qfef

Improper Input Validation in jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10 and 2.8.11.5. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

CVE-2019-17267
GHSA-f3j5-rmmp-3fc5

VCID-tm7y-tnx3-43dq

Polymorphic deserialization of malicious object in jackson-databind A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.

CVE-2019-14893
GHSA-qmqc-x3r4-6v39

VCID-x8c2-2u1w-yyfn

Polymorphic deserialization of malicious object in jackson-databind A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5, and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.

CVE-2019-14892
GHSA-cf6r-3wgc-h863

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:08:45.574139+00:00	Debian Importer	Fixing	VCID-tm7y-tnx3-43dq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:40:21.362282+00:00	Debian Importer	Fixing	VCID-jx9y-fyfm-bqdr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:04:33.913067+00:00	Debian Importer	Fixing	VCID-x8c2-2u1w-yyfn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:27:03.865344+00:00	Debian Importer	Fixing	VCID-bypv-wfhs-sbe4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:59:45.354761+00:00	Debian Importer	Fixing	VCID-svkb-adja-qfef	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:02:33.891734+00:00	Debian Importer	Fixing	VCID-tm7y-tnx3-43dq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:41:07.481227+00:00	Debian Importer	Fixing	VCID-jx9y-fyfm-bqdr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:45:40.441490+00:00	Debian Importer	Fixing	VCID-x8c2-2u1w-yyfn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:18:19.055726+00:00	Debian Importer	Fixing	VCID-bypv-wfhs-sbe4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:01:56.574419+00:00	Debian Importer	Fixing	VCID-svkb-adja-qfef	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:27:46.517390+00:00	Debian Importer	Fixing	VCID-svkb-adja-qfef	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.396858+00:00	Debian Importer	Fixing	VCID-jx9y-fyfm-bqdr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.359003+00:00	Debian Importer	Fixing	VCID-tm7y-tnx3-43dq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.324334+00:00	Debian Importer	Fixing	VCID-x8c2-2u1w-yyfn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.286809+00:00	Debian Importer	Fixing	VCID-bypv-wfhs-sbe4	https://security-tracker.debian.org/tracker/data/json	38.1.0