Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/jackson-databind@2.9.8-1?distro=trixie
purl pkg:deb/debian/jackson-databind@2.9.8-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (10)
Vulnerability Summary Aliases
VCID-2x39-rsxh-rkgw Deserialization of Untrusted Data FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `jboss-common-core` class from polymorphic deserialization. CVE-2018-19362
GHSA-c8hm-7hpq-7jhg
VCID-5r6v-ej7d-ubgv An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. CVE-2018-12022
GHSA-cjjf-94ff-43w7
VCID-6zee-aqcc-vfbp An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6. CVE-2018-11307
GHSA-qr7j-h6gg-jmgc
VCID-75mz-c1ds-vqed Deserialization of Untrusted Data FasterXML jackson-databind might allow remote attackers to execute arbitrary code by leveraging failure to block the `slf4j-ext` class from polymorphic deserialization. CVE-2018-14718
GHSA-645p-88qh-w398
VCID-fafy-ugq3-cfbn Server-Side Request Forgery (SSRF) FasterXML jackson-databind might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the `axis2-jaxws` class from polymorphic deserialization. CVE-2018-14721
GHSA-9mxf-g3x6-wv74
VCID-g6up-yqg8-nbep Deserialization of Untrusted Data FasterXML jackson-databind might allow remote attackers to execute arbitrary code by leveraging failure to block the `blaze-ds-opt` and `blaze-ds-core` classes from polymorphic deserialization. CVE-2018-14719
GHSA-4gq5-ch57-c2mg
VCID-g8gt-d7gz-13e6 Deserialization of Untrusted Data FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. CVE-2018-19360
GHSA-f9hv-mg5h-xcw9
VCID-m7jp-7n22-4qg8 Deserialization of Untrusted Data FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `openjpa` class from polymorphic deserialization. CVE-2018-19361
GHSA-mx9v-gmh4-mgqw
VCID-sw29-epz3-g7ep Improper Restriction of XML External Entity Reference FasterXML jackson-databind might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. CVE-2018-14720
GHSA-x2w5-5m2g-7h5m
VCID-zdwv-ycey-myfc An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. CVE-2018-12023
GHSA-6wqp-v4v6-c87c

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:21:23.392184+00:00 Debian Importer Fixing VCID-m7jp-7n22-4qg8 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T13:21:23.148050+00:00 Debian Importer Fixing VCID-6zee-aqcc-vfbp https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T13:14:02.369986+00:00 Debian Importer Fixing VCID-2x39-rsxh-rkgw https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:38:23.764635+00:00 Debian Importer Fixing VCID-fafy-ugq3-cfbn https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:32:43.928332+00:00 Debian Importer Fixing VCID-75mz-c1ds-vqed https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:01:41.093086+00:00 Debian Importer Fixing VCID-zdwv-ycey-myfc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:17:48.853248+00:00 Debian Importer Fixing VCID-g8gt-d7gz-13e6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:31:38.544512+00:00 Debian Importer Fixing VCID-g6up-yqg8-nbep https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:12:32.575977+00:00 Debian Importer Fixing VCID-5r6v-ej7d-ubgv https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:41:17.661689+00:00 Debian Importer Fixing VCID-sw29-epz3-g7ep https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:12:25.437165+00:00 Debian Importer Fixing VCID-m7jp-7n22-4qg8 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T09:12:25.253863+00:00 Debian Importer Fixing VCID-6zee-aqcc-vfbp https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T09:06:41.160227+00:00 Debian Importer Fixing VCID-2x39-rsxh-rkgw https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:39:39.321589+00:00 Debian Importer Fixing VCID-fafy-ugq3-cfbn https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:35:29.378337+00:00 Debian Importer Fixing VCID-75mz-c1ds-vqed https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:12:57.502218+00:00 Debian Importer Fixing VCID-zdwv-ycey-myfc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:55:44.213152+00:00 Debian Importer Fixing VCID-g8gt-d7gz-13e6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:21:08.283877+00:00 Debian Importer Fixing VCID-g6up-yqg8-nbep https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:09:42.465291+00:00 Debian Importer Fixing VCID-5r6v-ej7d-ubgv https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:50:22.005648+00:00 Debian Importer Fixing VCID-sw29-epz3-g7ep https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:27:45.956938+00:00 Debian Importer Fixing VCID-2x39-rsxh-rkgw https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:45.923339+00:00 Debian Importer Fixing VCID-m7jp-7n22-4qg8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:45.889796+00:00 Debian Importer Fixing VCID-g8gt-d7gz-13e6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:45.856038+00:00 Debian Importer Fixing VCID-fafy-ugq3-cfbn https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:45.822399+00:00 Debian Importer Fixing VCID-sw29-epz3-g7ep https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:45.788675+00:00 Debian Importer Fixing VCID-g6up-yqg8-nbep https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:45.754539+00:00 Debian Importer Fixing VCID-75mz-c1ds-vqed https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:45.720212+00:00 Debian Importer Fixing VCID-zdwv-ycey-myfc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:45.685723+00:00 Debian Importer Fixing VCID-5r6v-ej7d-ubgv https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:27:45.651227+00:00 Debian Importer Fixing VCID-6zee-aqcc-vfbp https://security-tracker.debian.org/tracker/data/json 38.1.0