VulnerableCode Package Details - pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-9h46-72hw-bkcr Aliases: CVE-2022-42003 GHSA-jjjh-jjxp-wpff	Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.	2.12.7.1 Affected by 0 other vulnerabilities. 2.13.4.2 Affected by 0 other vulnerabilities.
VCID-v2pq-1qhm-4qb9 Aliases: CVE-2022-42004 GHSA-rgv9-q543-rqg4	Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.	2.12.7.1 Affected by 0 other vulnerabilities. 2.13.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-v6ek-y7cn-kycd Aliases: CVE-2020-36518 GHSA-57j2-w4cx-62h2	Uncontrolled Resource Consumption jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.	2.12.6.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.13.2.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-9h46-72hw-bkcr
Aliases:
CVE-2022-42003
GHSA-jjjh-jjxp-wpff

Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.

2.12.7.1
Affected by 0 other vulnerabilities.

2.13.4.2
Affected by 0 other vulnerabilities.

VCID-v2pq-1qhm-4qb9
Aliases:
CVE-2022-42004
GHSA-rgv9-q543-rqg4

Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.

2.12.7.1
Affected by 0 other vulnerabilities.

2.13.4
Affected by 1 other vulnerability.

VCID-v6ek-y7cn-kycd
Aliases:
CVE-2020-36518
GHSA-57j2-w4cx-62h2

Uncontrolled Resource Consumption jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

2.12.6.1
Affected by 2 other vulnerabilities.

2.13.2.1
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2cup-9gdn-yyhk	jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.	CVE-2021-46877 GHSA-3x8x-79m2-3w2w

Vulnerability

Summary

Aliases

VCID-2cup-9gdn-yyhk

jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.

CVE-2021-46877
GHSA-3x8x-79m2-3w2w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-11T23:42:29.493347+00:00	GitLab Importer	Fixing	VCID-2cup-9gdn-yyhk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2021-46877.yml	38.3.0
2026-04-11T23:28:43.228898+00:00	GitLab Importer	Affected by	VCID-v2pq-1qhm-4qb9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42004.yml	38.3.0
2026-04-11T23:28:42.419357+00:00	GitLab Importer	Affected by	VCID-9h46-72hw-bkcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42003.yml	38.3.0
2026-04-11T22:57:49.291026+00:00	GitLab Importer	Affected by	VCID-v6ek-y7cn-kycd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36518.yml	38.3.0
2026-04-02T23:46:23.854730+00:00	GitLab Importer	Fixing	VCID-2cup-9gdn-yyhk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2021-46877.yml	38.1.0
2026-04-02T23:34:27.173822+00:00	GitLab Importer	Affected by	VCID-v2pq-1qhm-4qb9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42004.yml	38.1.0
2026-04-02T23:34:26.420235+00:00	GitLab Importer	Affected by	VCID-9h46-72hw-bkcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42003.yml	38.1.0
2026-04-02T23:06:41.229839+00:00	GitLab Importer	Affected by	VCID-v6ek-y7cn-kycd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36518.yml	38.1.0
2026-04-02T16:59:08.671453+00:00	GHSA Importer	Fixing	VCID-2cup-9gdn-yyhk	https://github.com/advisories/GHSA-3x8x-79m2-3w2w	38.1.0
2026-04-01T17:56:28.652758+00:00	GitLab Importer	Affected by	VCID-v2pq-1qhm-4qb9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42004.yml	38.0.0
2026-04-01T17:56:27.843824+00:00	GitLab Importer	Affected by	VCID-9h46-72hw-bkcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42003.yml	38.0.0
2026-04-01T17:25:55.544883+00:00	GitLab Importer	Affected by	VCID-v6ek-y7cn-kycd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36518.yml	38.0.0
2026-04-01T12:58:32.224250+00:00	GithubOSV Importer	Fixing	VCID-2cup-9gdn-yyhk	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-3x8x-79m2-3w2w/GHSA-3x8x-79m2-3w2w.json	38.0.0
2026-04-01T12:51:01.256883+00:00	GitLab Importer	Fixing	VCID-2cup-9gdn-yyhk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2021-46877.yml	38.0.0