VulnerableCode Package Details - pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.00

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.00

purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.00
Tags	Ghost

Next non-vulnerable version	2.12.7.1
Latest non-vulnerable version	2.16.0
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-4an1-3hs5-3yd6 Aliases: CVE-2020-36183 GHSA-9m6f-7xcq-8vf8	Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.	2.9.10.8 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:59:06.570063+00:00	GHSA Importer	Affected by	VCID-4an1-3hs5-3yd6	https://github.com/advisories/GHSA-9m6f-7xcq-8vf8	38.0.0