Search for packages
| purl | pkg:deb/debian/jackson-databind@2.9.4-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-bc2x-rwrd-tya6 | FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. |
CVE-2017-17485
GHSA-rfx6-vp9g-rh7v |
| VCID-unwq-s63h-uuaw | FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. |
CVE-2018-5968
GHSA-w3f4-3q6j-rh82 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T10:59:14.854512+00:00 | Debian Importer | Fixing | VCID-bc2x-rwrd-tya6 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:27:23.928515+00:00 | Debian Importer | Fixing | VCID-unwq-s63h-uuaw | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T07:27:17.425927+00:00 | Debian Importer | Fixing | VCID-bc2x-rwrd-tya6 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T18:18:29.945622+00:00 | Debian Importer | Fixing | VCID-unwq-s63h-uuaw | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:27:45.994936+00:00 | Debian Importer | Fixing | VCID-unwq-s63h-uuaw | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:27:45.571702+00:00 | Debian Importer | Fixing | VCID-bc2x-rwrd-tya6 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |