VulnerableCode Package Details - pkg:deb/debian/jackson-databind@2.11.1-1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/jackson-databind@2.11.1-1?distro=trixie

Essentials
History (57)

purl	pkg:deb/debian/jackson-databind@2.11.1-1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (19)

Vulnerability	Summary	Aliases
VCID-2qzn-mkhg-1qh3	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).	CVE-2020-11111 GHSA-v3xw-c963-f5hc
VCID-3qjf-azsa-fbek	Deserialization of untrusted data in Jackson Databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).	CVE-2020-14060 GHSA-j823-4qch-3rgm
VCID-3wa1-khqf-x7fv	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).	CVE-2020-10968 GHSA-rf6r-2c4q-2vwg
VCID-5qfd-jjh1-d3fx	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).	CVE-2020-10673 GHSA-fqwf-pjwf-7vqv
VCID-8h7y-y4pv-cyd3	jackson-databind vulnerable to unsafe deserialization The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.	CVE-2020-10650 GHSA-rpr3-cw39-3pxh GMS-2022-2955
VCID-9qdt-7p83-4yd8	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.	CVE-2020-10969 GHSA-758m-v56v-grj4
VCID-a5sk-5grx-eyaf	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).	CVE-2020-11619 GHSA-27xj-rqx5-2255
VCID-bydt-bkf4-rbh2	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).	CVE-2020-9546 GHSA-5p34-5m6p-p58g
VCID-jvp6-892x-nkc7	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).	CVE-2020-9548 GHSA-p43x-xfjf-5jhr
VCID-pnt3-1ssq-tqau	Deserialization of untrusted data in Jackson Databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).	CVE-2020-14061 GHSA-c2q3-4qrh-fm48
VCID-ruae-hqdg-m7ek	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4, 2.8.11.6, and 2.7.9.7 mishandles the interaction between serialization gadgets and typing, related to `com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig` (aka `ibatis-sqlmap`).	CVE-2020-9547 GHSA-q93h-jc49-78gg
VCID-tkej-jh51-s7g5	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).	CVE-2020-11112 GHSA-58pp-9c76-5625
VCID-twvp-wxff-zka2	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).	CVE-2020-11113 GHSA-9vvp-fxw6-jcxr
VCID-uygc-h93v-vuh8	Deserialization of untrusted data in Jackson Databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).	CVE-2020-14062 GHSA-c265-37vj-cwcc
VCID-w51e-ntqd-8bbg	XML External Entity (XXE) Injection in Jackson Databind A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.	CVE-2020-25649 GHSA-288c-cq4h-88gq
VCID-wdgx-34uc-2qa4	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).	CVE-2020-10672 GHSA-95cm-88f5-f2c7
VCID-x4fr-ena4-47fe	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).	CVE-2020-11620 GHSA-h4rc-386g-6m85
VCID-xnyb-nuwm-pkdr	Deserialization of Untrusted Data in jackson-databind FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.	CVE-2020-8840 GHSA-4w82-r329-3q67
VCID-ze79-6kcg-nfcp	Deserialization of untrusted data in Jackson Databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).	CVE-2020-14195 GHSA-mc6h-4qgp-37qh

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:26:56.957942+00:00	Debian Importer	Fixing	VCID-ze79-6kcg-nfcp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T13:19:40.835330+00:00	Debian Importer	Fixing	VCID-twvp-wxff-zka2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:54:40.846909+00:00	Debian Importer	Fixing	VCID-xnyb-nuwm-pkdr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:49:54.434522+00:00	Debian Importer	Fixing	VCID-2qzn-mkhg-1qh3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:27:21.889248+00:00	Debian Importer	Fixing	VCID-x4fr-ena4-47fe	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:00:43.977820+00:00	Debian Importer	Fixing	VCID-pnt3-1ssq-tqau	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:57:22.225477+00:00	Debian Importer	Fixing	VCID-w51e-ntqd-8bbg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:36:07.773914+00:00	Debian Importer	Fixing	VCID-wdgx-34uc-2qa4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:28:15.977514+00:00	Debian Importer	Fixing	VCID-8h7y-y4pv-cyd3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:22:29.981817+00:00	Debian Importer	Fixing	VCID-jvp6-892x-nkc7	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:11:04.950603+00:00	Debian Importer	Fixing	VCID-uygc-h93v-vuh8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:08:20.142681+00:00	Debian Importer	Fixing	VCID-bydt-bkf4-rbh2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:49:17.665948+00:00	Debian Importer	Fixing	VCID-9qdt-7p83-4yd8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:33:48.442919+00:00	Debian Importer	Fixing	VCID-3qjf-azsa-fbek	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:31:37.612943+00:00	Debian Importer	Fixing	VCID-tkej-jh51-s7g5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:11:32.185700+00:00	Debian Importer	Fixing	VCID-a5sk-5grx-eyaf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:58:43.133006+00:00	Debian Importer	Fixing	VCID-3wa1-khqf-x7fv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:51:55.069787+00:00	Debian Importer	Fixing	VCID-5qfd-jjh1-d3fx	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:38:42.432632+00:00	Debian Importer	Fixing	VCID-ruae-hqdg-m7ek	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:16:45.481836+00:00	Debian Importer	Fixing	VCID-ze79-6kcg-nfcp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T09:11:03.739138+00:00	Debian Importer	Fixing	VCID-twvp-wxff-zka2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:51:52.730334+00:00	Debian Importer	Fixing	VCID-xnyb-nuwm-pkdr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:48:19.984256+00:00	Debian Importer	Fixing	VCID-2qzn-mkhg-1qh3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:31:33.420406+00:00	Debian Importer	Fixing	VCID-x4fr-ena4-47fe	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:12:12.886228+00:00	Debian Importer	Fixing	VCID-pnt3-1ssq-tqau	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:09:43.405999+00:00	Debian Importer	Fixing	VCID-w51e-ntqd-8bbg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:54:33.621970+00:00	Debian Importer	Fixing	VCID-wdgx-34uc-2qa4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:49:00.586054+00:00	Debian Importer	Fixing	VCID-8h7y-y4pv-cyd3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:44:43.490592+00:00	Debian Importer	Fixing	VCID-jvp6-892x-nkc7	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:36:10.310826+00:00	Debian Importer	Fixing	VCID-uygc-h93v-vuh8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:34:08.360839+00:00	Debian Importer	Fixing	VCID-bydt-bkf4-rbh2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:19:31.492688+00:00	Debian Importer	Fixing	VCID-9qdt-7p83-4yd8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:08:03.532497+00:00	Debian Importer	Fixing	VCID-3qjf-azsa-fbek	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:21:07.587111+00:00	Debian Importer	Fixing	VCID-tkej-jh51-s7g5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:09:06.039971+00:00	Debian Importer	Fixing	VCID-a5sk-5grx-eyaf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:01:19.530738+00:00	Debian Importer	Fixing	VCID-3wa1-khqf-x7fv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:57:11.364384+00:00	Debian Importer	Fixing	VCID-5qfd-jjh1-d3fx	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:48:46.058109+00:00	Debian Importer	Fixing	VCID-ruae-hqdg-m7ek	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:27:47.838734+00:00	Debian Importer	Fixing	VCID-jvp6-892x-nkc7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:47.804480+00:00	Debian Importer	Fixing	VCID-ruae-hqdg-m7ek	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:47.770817+00:00	Debian Importer	Fixing	VCID-bydt-bkf4-rbh2	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:47.737358+00:00	Debian Importer	Fixing	VCID-xnyb-nuwm-pkdr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:47.172529+00:00	Debian Importer	Fixing	VCID-w51e-ntqd-8bbg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:47.064541+00:00	Debian Importer	Fixing	VCID-ze79-6kcg-nfcp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:47.029662+00:00	Debian Importer	Fixing	VCID-uygc-h93v-vuh8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.995997+00:00	Debian Importer	Fixing	VCID-pnt3-1ssq-tqau	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.962596+00:00	Debian Importer	Fixing	VCID-3qjf-azsa-fbek	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.929289+00:00	Debian Importer	Fixing	VCID-x4fr-ena4-47fe	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.895198+00:00	Debian Importer	Fixing	VCID-a5sk-5grx-eyaf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.861016+00:00	Debian Importer	Fixing	VCID-twvp-wxff-zka2	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.827112+00:00	Debian Importer	Fixing	VCID-tkej-jh51-s7g5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.792775+00:00	Debian Importer	Fixing	VCID-2qzn-mkhg-1qh3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.758461+00:00	Debian Importer	Fixing	VCID-9qdt-7p83-4yd8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.724157+00:00	Debian Importer	Fixing	VCID-3wa1-khqf-x7fv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.689602+00:00	Debian Importer	Fixing	VCID-5qfd-jjh1-d3fx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.655558+00:00	Debian Importer	Fixing	VCID-wdgx-34uc-2qa4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.620897+00:00	Debian Importer	Fixing	VCID-8h7y-y4pv-cyd3	https://security-tracker.debian.org/tracker/data/json	38.1.0