VulnerableCode Package Details - pkg:deb/debian/jackson-databind@2.10.0-2?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8tmq-zbmb-m7h4	jackson-databind polymorphic typing issue A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.	CVE-2019-16943 GHSA-fmmc-742q-jg75
VCID-avut-gmwd-jqfp	Polymorphic Typing in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.	CVE-2019-16942 GHSA-mx7p-6679-8g3q

Vulnerability

Summary

Aliases

VCID-8tmq-zbmb-m7h4

jackson-databind polymorphic typing issue A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.

CVE-2019-16943
GHSA-fmmc-742q-jg75

VCID-avut-gmwd-jqfp

Polymorphic Typing in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.

CVE-2019-16942
GHSA-mx7p-6679-8g3q

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:43:53.480347+00:00	Debian Importer	Fixing	VCID-avut-gmwd-jqfp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:46:08.240622+00:00	Debian Importer	Fixing	VCID-8tmq-zbmb-m7h4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:43:47.708229+00:00	Debian Importer	Fixing	VCID-avut-gmwd-jqfp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:01:31.184519+00:00	Debian Importer	Fixing	VCID-8tmq-zbmb-m7h4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:27:46.480142+00:00	Debian Importer	Fixing	VCID-8tmq-zbmb-m7h4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.439440+00:00	Debian Importer	Fixing	VCID-avut-gmwd-jqfp	https://security-tracker.debian.org/tracker/data/json	38.1.0