VulnerableCode Package Details - pkg:deb/debian/jackson-databind@2.13.2.2-1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/jackson-databind@2.13.2.2-1?distro=trixie

purl	pkg:deb/debian/jackson-databind@2.13.2.2-1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-2cup-9gdn-yyhk	jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.	CVE-2021-46877 GHSA-3x8x-79m2-3w2w
VCID-v6ek-y7cn-kycd	Uncontrolled Resource Consumption jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.	CVE-2020-36518 GHSA-57j2-w4cx-62h2

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:47:32.952705+00:00	Debian Importer	Fixing	VCID-v6ek-y7cn-kycd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:02:34.463062+00:00	Debian Importer	Fixing	VCID-v6ek-y7cn-kycd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:27:47.913276+00:00	Debian Importer	Fixing	VCID-2cup-9gdn-yyhk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:47.701194+00:00	Debian Importer	Fixing	VCID-v6ek-y7cn-kycd	https://security-tracker.debian.org/tracker/data/json	38.1.0