VulnerableCode Package Details - pkg:deb/debian/jackson-databind@2.9.9.3-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6xn4-4gfc-tbgj	Deserialization of untrusted data in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2, 2.8.11.4, 2.7.9.6, and 2.6.7.3. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.	CVE-2019-14439 GHSA-gwp4-hfv6-p7hw
VCID-wg36-q48g-mkds	Deserialization of untrusted data in FasterXML jackson-databind SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2, 2.8.11.4, and 2.7.9.6 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.	CVE-2019-14379 GHSA-6fpp-rgj9-8rwc

Vulnerability

Summary

Aliases

VCID-6xn4-4gfc-tbgj

Deserialization of untrusted data in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2, 2.8.11.4, 2.7.9.6, and 2.6.7.3. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.

CVE-2019-14439
GHSA-gwp4-hfv6-p7hw

VCID-wg36-q48g-mkds

Deserialization of untrusted data in FasterXML jackson-databind SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2, 2.8.11.4, and 2.7.9.6 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

CVE-2019-14379
GHSA-6fpp-rgj9-8rwc

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:18:54.587515+00:00	Debian Importer	Fixing	VCID-wg36-q48g-mkds	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:42:26.152760+00:00	Debian Importer	Fixing	VCID-6xn4-4gfc-tbgj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:10:27.205210+00:00	Debian Importer	Fixing	VCID-wg36-q48g-mkds	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:42:41.267787+00:00	Debian Importer	Fixing	VCID-6xn4-4gfc-tbgj	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:27:46.244298+00:00	Debian Importer	Fixing	VCID-6xn4-4gfc-tbgj	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:27:46.204428+00:00	Debian Importer	Fixing	VCID-wg36-q48g-mkds	https://security-tracker.debian.org/tracker/data/json	38.1.0