VulnerableCode Package Details - pkg:deb/debian/jackson-databind@2.10.1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-16af-yv1z-xufy	jackson-databind polymorphic typing issue A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.	CVE-2019-17531 GHSA-gjmw-vf9h-g25v
VCID-96pq-m4f3-zbad	Deserialization of Untrusted Data in jackson-databind FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.	CVE-2019-20330 GHSA-gww7-p5w4-wrfv

Vulnerability

Summary

Aliases

VCID-16af-yv1z-xufy

jackson-databind polymorphic typing issue A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.

CVE-2019-17531
GHSA-gjmw-vf9h-g25v

VCID-96pq-m4f3-zbad

Deserialization of Untrusted Data in jackson-databind FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.

CVE-2019-20330
GHSA-gww7-p5w4-wrfv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:00:04.604287+00:00	Debian Importer	Fixing	VCID-96pq-m4f3-zbad	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:59:03.759339+00:00	Debian Importer	Fixing	VCID-16af-yv1z-xufy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T06:42:14.628665+00:00	Debian Importer	Fixing	VCID-96pq-m4f3-zbad	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:01:32.331516+00:00	Debian Importer	Fixing	VCID-16af-yv1z-xufy	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:27:46.585783+00:00	Debian Importer	Fixing	VCID-96pq-m4f3-zbad	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.552113+00:00	Debian Importer	Fixing	VCID-16af-yv1z-xufy	https://security-tracker.debian.org/tracker/data/json	38.1.0