Search for packages
| purl | pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4an1-3hs5-3yd6 | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. |
CVE-2020-36183
GHSA-9m6f-7xcq-8vf8 |
| VCID-4vx2-s262-ckbp | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`. |
CVE-2020-36188
GHSA-f9xh-2qgp-cq57 |
| VCID-5te6-415m-c7df | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. |
CVE-2020-24750
GHSA-qjw2-hr98-qgfh |
| VCID-7qga-wsz6-kqcn | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. |
CVE-2020-36182
GHSA-89qr-369f-5m5x |
| VCID-8ns6-kacn-dkeg | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. |
CVE-2020-36189
GHSA-vfqx-33qm-g869 |
| VCID-cytp-mr4h-g3ds | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. |
CVE-2020-36184
GHSA-m6x4-97wx-4q27 |
| VCID-ec58-s3nd-7yaz | Deserialization of untrusted data in jackson-databind A flaw was found in jackson-databind before 2.9.10.7 and 2.6.7.5. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
CVE-2021-20190
GHSA-5949-rw7g-wx7w |
| VCID-gtzx-y5f1-vye3 | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`. |
CVE-2020-36181
GHSA-cvm9-fjm9-3572 |
| VCID-hwnx-vf4v-f3db | Code Injection in jackson-databind This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). |
CVE-2020-24616
GHSA-h3cw-g4mq-c5x2 |
| VCID-jcgb-bewy-4kff | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`. |
CVE-2020-36185
GHSA-8w26-6f25-cm9x |
| VCID-swqd-uk56-wkat | Serialization gadgets exploit in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. |
CVE-2020-35491
GHSA-r3gr-cxrf-hg25 |
| VCID-u87p-2xgz-e3fj | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. |
CVE-2020-36187
GHSA-r695-7vr9-jgc2 |
| VCID-uhnv-3cny-qkgx | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`. |
CVE-2020-36179
GHSA-9gph-22xh-8x98 |
| VCID-ukwd-7rkh-sfhj | Deserialization of Untrusted Data FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). |
CVE-2020-35728
GHSA-5r5r-6hpj-8gg9 |
| VCID-wds4-urpb-euby | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`. |
CVE-2020-36186
GHSA-v585-23hc-c647 |
| VCID-yp37-9z2d-akaj | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. |
CVE-2020-36180
GHSA-8c4j-34r4-xr8g |
| VCID-ypbt-p34k-hfbc | Serialization gadgets exploit in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. |
CVE-2020-35490
GHSA-wh8g-3j2c-rqj5 |