VulnerableCode Package Details - pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

Essentials
History (105)

purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

Next non-vulnerable version	2.12.7.1
Latest non-vulnerable version	2.16.0
Risk	4.5

Vulnerabilities affecting this package (30)

Vulnerability	Summary	Fixed by
VCID-2qzn-mkhg-1qh3 Aliases: CVE-2020-11111 GHSA-v3xw-c963-f5hc	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).	2.9.10.4 Affected by 17 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-3qjf-azsa-fbek Aliases: CVE-2020-14060 GHSA-j823-4qch-3rgm	Deserialization of untrusted data in Jackson Databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).	2.9.10.5 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-3wa1-khqf-x7fv Aliases: CVE-2020-10968 GHSA-rf6r-2c4q-2vwg	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).	2.9.10.4 Affected by 17 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-5qfd-jjh1-d3fx Aliases: CVE-2020-10673 GHSA-fqwf-pjwf-7vqv	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 and 2.6.7.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).	2.9.10.4 Affected by 17 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-5te6-415m-c7df Aliases: CVE-2020-24750 GHSA-qjw2-hr98-qgfh	Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.	2.9.10.6 Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-8h7y-y4pv-cyd3 Aliases: CVE-2020-10650 GHSA-rpr3-cw39-3pxh GMS-2022-2955	jackson-databind vulnerable to unsafe deserialization The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.	2.9.10.4 Affected by 17 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-96pq-m4f3-zbad Aliases: CVE-2019-20330 GHSA-gww7-p5w4-wrfv	Deserialization of Untrusted Data in jackson-databind FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5, and 2.9.x before 2.9.10.2 lacks certain `net.sf.ehcache` blocking.	2.9.10.2 Affected by 29 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-9h46-72hw-bkcr Aliases: CVE-2022-42003 GHSA-jjjh-jjxp-wpff	Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.	2.12.7.1 Affected by 0 other vulnerabilities. 2.13.4.2 Affected by 0 other vulnerabilities.
VCID-9qdt-7p83-4yd8 Aliases: CVE-2020-10969 GHSA-758m-v56v-grj4	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.	2.9.10.4 Affected by 17 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-a5sk-5grx-eyaf Aliases: CVE-2020-11619 GHSA-27xj-rqx5-2255	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).	2.9.10.4 Affected by 17 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bydt-bkf4-rbh2 Aliases: CVE-2020-9546 GHSA-5p34-5m6p-p58g	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).	2.9.10.4 Affected by 17 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-cytp-mr4h-g3ds Aliases: CVE-2020-36184 GHSA-m6x4-97wx-4q27	Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.	2.9.10.8 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hwnx-vf4v-f3db Aliases: CVE-2020-24616 GHSA-h3cw-g4mq-c5x2	Code Injection in jackson-databind This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).	2.9.10.6 Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jcgb-bewy-4kff Aliases: CVE-2020-36185 GHSA-8w26-6f25-cm9x	Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.	2.9.10.8 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-pnt3-1ssq-tqau Aliases: CVE-2020-14061 GHSA-c2q3-4qrh-fm48	Deserialization of untrusted data in Jackson Databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).	2.9.10.5 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-swqd-uk56-wkat Aliases: CVE-2020-35491 GHSA-r3gr-cxrf-hg25	Serialization gadgets exploit in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.	2.9.10.8 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tkej-jh51-s7g5 Aliases: CVE-2020-11112 GHSA-58pp-9c76-5625	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).	2.9.10.4 Affected by 17 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-twvp-wxff-zka2 Aliases: CVE-2020-11113 GHSA-9vvp-fxw6-jcxr	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).	2.9.10.4 Affected by 17 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-u87p-2xgz-e3fj Aliases: CVE-2020-36187 GHSA-r695-7vr9-jgc2	Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.	2.9.10.8 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ukwd-7rkh-sfhj Aliases: CVE-2020-35728 GHSA-5r5r-6hpj-8gg9	Deserialization of Untrusted Data FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).	2.9.10.8 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-uygc-h93v-vuh8 Aliases: CVE-2020-14062 GHSA-c265-37vj-cwcc	Deserialization of untrusted data in Jackson Databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).	2.9.10.5 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-v2pq-1qhm-4qb9 Aliases: CVE-2022-42004 GHSA-rgv9-q543-rqg4	Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.	2.12.7.1 Affected by 0 other vulnerabilities. 2.13.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-v6ek-y7cn-kycd Aliases: CVE-2020-36518 GHSA-57j2-w4cx-62h2	Uncontrolled Resource Consumption jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.	2.12.6.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.13.2.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-w51e-ntqd-8bbg Aliases: CVE-2020-25649 GHSA-288c-cq4h-88gq	XML External Entity (XXE) Injection in Jackson Databind A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.	2.9.10.7 Affected by 10 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.10.5.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wdgx-34uc-2qa4 Aliases: CVE-2020-10672 GHSA-95cm-88f5-f2c7	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).	2.9.10.4 Affected by 17 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wds4-urpb-euby Aliases: CVE-2020-36186 GHSA-v585-23hc-c647	Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.	2.9.10.8 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x4fr-ena4-47fe Aliases: CVE-2020-11620 GHSA-h4rc-386g-6m85	jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).	2.9.10.4 Affected by 17 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xnyb-nuwm-pkdr Aliases: CVE-2020-8840 GHSA-4w82-r329-3q67	Deserialization of Untrusted Data in jackson-databind FasterXML jackson-databind 2.x before 2.6.7.4, 2.7.x before 2.7.9.7, 2.8.x before 2.8.11.5 and 2.9.x before 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.	2.9.10.3 Affected by 28 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ypbt-p34k-hfbc Aliases: CVE-2020-35490 GHSA-wh8g-3j2c-rqj5	Serialization gadgets exploit in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.	2.9.10.8 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ze79-6kcg-nfcp Aliases: CVE-2020-14195 GHSA-mc6h-4qgp-37qh	Deserialization of untrusted data in Jackson Databind FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).	2.9.10.5 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-16af-yv1z-xufy	jackson-databind polymorphic typing issue A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.	CVE-2019-17531 GHSA-gjmw-vf9h-g25v
VCID-8tmq-zbmb-m7h4	jackson-databind polymorphic typing issue A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.	CVE-2019-16943 GHSA-fmmc-742q-jg75
VCID-avut-gmwd-jqfp	Polymorphic Typing in FasterXML jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.	CVE-2019-16942 GHSA-mx7p-6679-8g3q

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-11T23:28:43.106759+00:00	GitLab Importer	Affected by	VCID-v2pq-1qhm-4qb9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42004.yml	38.3.0
2026-04-11T23:28:42.296529+00:00	GitLab Importer	Affected by	VCID-9h46-72hw-bkcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42003.yml	38.3.0
2026-04-11T23:21:36.384018+00:00	GitLab Importer	Affected by	VCID-8h7y-y4pv-cyd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/GMS-2022-2955.yml	38.3.0
2026-04-11T22:57:49.165797+00:00	GitLab Importer	Affected by	VCID-v6ek-y7cn-kycd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36518.yml	38.3.0
2026-04-11T22:49:47.234390+00:00	GitLab Importer	Affected by	VCID-cytp-mr4h-g3ds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36184.yml	38.3.0
2026-04-11T22:49:46.555514+00:00	GitLab Importer	Affected by	VCID-hwnx-vf4v-f3db	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-24616.yml	38.3.0
2026-04-11T22:49:45.838386+00:00	GitLab Importer	Affected by	VCID-ukwd-7rkh-sfhj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35728.yml	38.3.0
2026-04-11T22:49:44.359355+00:00	GitLab Importer	Affected by	VCID-jcgb-bewy-4kff	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36185.yml	38.3.0
2026-04-11T22:49:43.191512+00:00	GitLab Importer	Affected by	VCID-5te6-415m-c7df	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-24750.yml	38.3.0
2026-04-11T22:48:30.264384+00:00	GitLab Importer	Affected by	VCID-wds4-urpb-euby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36186.yml	38.3.0
2026-04-11T22:27:46.405938+00:00	GitLab Importer	Affected by	VCID-u87p-2xgz-e3fj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36187.yml	38.3.0
2026-04-11T22:27:27.201884+00:00	GitLab Importer	Affected by	VCID-swqd-uk56-wkat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35491.yml	38.3.0
2026-04-11T22:27:26.539047+00:00	GitLab Importer	Affected by	VCID-ypbt-p34k-hfbc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35490.yml	38.3.0
2026-04-11T22:26:53.479753+00:00	GitLab Importer	Affected by	VCID-w51e-ntqd-8bbg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-25649.yml	38.3.0
2026-04-11T22:16:04.461304+00:00	GitLab Importer	Affected by	VCID-uygc-h93v-vuh8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-14062.yml	38.3.0
2026-04-11T22:16:03.796981+00:00	GitLab Importer	Affected by	VCID-ze79-6kcg-nfcp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-14195.yml	38.3.0
2026-04-11T22:16:03.577992+00:00	GitLab Importer	Affected by	VCID-3qjf-azsa-fbek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-14060.yml	38.3.0
2026-04-11T22:15:56.122215+00:00	GitLab Importer	Affected by	VCID-pnt3-1ssq-tqau	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-14061.yml	38.3.0
2026-04-11T22:14:53.519360+00:00	GitLab Importer	Affected by	VCID-a5sk-5grx-eyaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11619.yml	38.3.0
2026-04-11T22:14:51.852602+00:00	GitLab Importer	Affected by	VCID-3wa1-khqf-x7fv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-10968.yml	38.3.0
2026-04-11T22:14:51.101266+00:00	GitLab Importer	Affected by	VCID-twvp-wxff-zka2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11113.yml	38.3.0
2026-04-11T22:14:11.540394+00:00	GitLab Importer	Affected by	VCID-wdgx-34uc-2qa4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-10672.yml	38.3.0
2026-04-11T22:14:11.309130+00:00	GitLab Importer	Affected by	VCID-x4fr-ena4-47fe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11620.yml	38.3.0
2026-04-11T22:14:10.644411+00:00	GitLab Importer	Affected by	VCID-9qdt-7p83-4yd8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-10969.yml	38.3.0
2026-04-11T22:13:32.929066+00:00	GitLab Importer	Affected by	VCID-tkej-jh51-s7g5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11112.yml	38.3.0
2026-04-11T22:13:32.048010+00:00	GitLab Importer	Affected by	VCID-2qzn-mkhg-1qh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11111.yml	38.3.0
2026-04-11T22:13:06.667677+00:00	GitLab Importer	Affected by	VCID-5qfd-jjh1-d3fx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-10673.yml	38.3.0
2026-04-11T22:12:31.862181+00:00	GitLab Importer	Affected by	VCID-96pq-m4f3-zbad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2019-20330.yml	38.3.0
2026-04-11T22:12:28.843471+00:00	GitLab Importer	Affected by	VCID-xnyb-nuwm-pkdr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-8840.yml	38.3.0
2026-04-11T22:12:24.682579+00:00	GitLab Importer	Affected by	VCID-bydt-bkf4-rbh2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-9546.yml	38.3.0
2026-04-11T22:09:01.208638+00:00	GitLab Importer	Fixing	VCID-16af-yv1z-xufy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2019-17531.yml	38.3.0
2026-04-11T22:08:44.990937+00:00	GitLab Importer	Fixing	VCID-avut-gmwd-jqfp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2019-16942.yml	38.3.0
2026-04-11T22:08:43.996734+00:00	GitLab Importer	Fixing	VCID-8tmq-zbmb-m7h4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2019-16943.yml	38.3.0
2026-04-05T02:18:35.526368+00:00	GitLab Importer	Affected by	VCID-8h7y-y4pv-cyd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/GMS-2022-2955.yml	38.1.0
2026-04-02T23:34:27.070180+00:00	GitLab Importer	Affected by	VCID-v2pq-1qhm-4qb9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42004.yml	38.1.0
2026-04-02T23:34:26.314814+00:00	GitLab Importer	Affected by	VCID-9h46-72hw-bkcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42003.yml	38.1.0
2026-04-02T23:06:41.125064+00:00	GitLab Importer	Affected by	VCID-v6ek-y7cn-kycd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36518.yml	38.1.0
2026-04-02T22:59:13.404586+00:00	GitLab Importer	Affected by	VCID-cytp-mr4h-g3ds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36184.yml	38.1.0
2026-04-02T22:59:12.815504+00:00	GitLab Importer	Affected by	VCID-hwnx-vf4v-f3db	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-24616.yml	38.1.0
2026-04-02T22:59:12.169518+00:00	GitLab Importer	Affected by	VCID-ukwd-7rkh-sfhj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35728.yml	38.1.0
2026-04-02T22:59:10.530129+00:00	GitLab Importer	Affected by	VCID-jcgb-bewy-4kff	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36185.yml	38.1.0
2026-04-02T22:59:09.458201+00:00	GitLab Importer	Affected by	VCID-5te6-415m-c7df	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-24750.yml	38.1.0
2026-04-02T22:58:04.144524+00:00	GitLab Importer	Affected by	VCID-wds4-urpb-euby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36186.yml	38.1.0
2026-04-02T22:39:26.349155+00:00	GitLab Importer	Affected by	VCID-u87p-2xgz-e3fj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36187.yml	38.1.0
2026-04-02T22:39:07.219956+00:00	GitLab Importer	Affected by	VCID-swqd-uk56-wkat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35491.yml	38.1.0
2026-04-02T22:39:06.653517+00:00	GitLab Importer	Affected by	VCID-ypbt-p34k-hfbc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35490.yml	38.1.0
2026-04-02T22:38:36.480781+00:00	GitLab Importer	Affected by	VCID-w51e-ntqd-8bbg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-25649.yml	38.1.0
2026-04-02T22:28:15.884255+00:00	GitLab Importer	Affected by	VCID-uygc-h93v-vuh8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-14062.yml	38.1.0
2026-04-02T22:28:15.238228+00:00	GitLab Importer	Affected by	VCID-ze79-6kcg-nfcp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-14195.yml	38.1.0
2026-04-02T22:28:15.027351+00:00	GitLab Importer	Affected by	VCID-3qjf-azsa-fbek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-14060.yml	38.1.0
2026-04-02T22:28:08.301349+00:00	GitLab Importer	Affected by	VCID-pnt3-1ssq-tqau	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-14061.yml	38.1.0
2026-04-02T22:27:11.087451+00:00	GitLab Importer	Affected by	VCID-a5sk-5grx-eyaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11619.yml	38.1.0
2026-04-02T22:27:09.591663+00:00	GitLab Importer	Affected by	VCID-3wa1-khqf-x7fv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-10968.yml	38.1.0
2026-04-02T22:27:08.902426+00:00	GitLab Importer	Affected by	VCID-twvp-wxff-zka2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11113.yml	38.1.0
2026-04-02T22:26:32.480058+00:00	GitLab Importer	Affected by	VCID-wdgx-34uc-2qa4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-10672.yml	38.1.0
2026-04-02T22:26:32.272945+00:00	GitLab Importer	Affected by	VCID-x4fr-ena4-47fe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11620.yml	38.1.0
2026-04-02T22:26:31.635664+00:00	GitLab Importer	Affected by	VCID-9qdt-7p83-4yd8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-10969.yml	38.1.0
2026-04-02T22:25:53.621096+00:00	GitLab Importer	Affected by	VCID-tkej-jh51-s7g5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11112.yml	38.1.0
2026-04-02T22:25:52.832768+00:00	GitLab Importer	Affected by	VCID-2qzn-mkhg-1qh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11111.yml	38.1.0
2026-04-02T22:25:29.515220+00:00	GitLab Importer	Affected by	VCID-5qfd-jjh1-d3fx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-10673.yml	38.1.0
2026-04-02T22:24:57.410977+00:00	GitLab Importer	Affected by	VCID-96pq-m4f3-zbad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2019-20330.yml	38.1.0
2026-04-02T22:24:54.698669+00:00	GitLab Importer	Affected by	VCID-xnyb-nuwm-pkdr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-8840.yml	38.1.0
2026-04-02T22:24:50.897444+00:00	GitLab Importer	Affected by	VCID-bydt-bkf4-rbh2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-9546.yml	38.1.0
2026-04-02T22:21:39.832598+00:00	GitLab Importer	Fixing	VCID-16af-yv1z-xufy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2019-17531.yml	38.1.0
2026-04-02T22:21:25.071893+00:00	GitLab Importer	Fixing	VCID-avut-gmwd-jqfp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2019-16942.yml	38.1.0
2026-04-02T22:21:24.157920+00:00	GitLab Importer	Fixing	VCID-8tmq-zbmb-m7h4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2019-16943.yml	38.1.0
2026-04-01T17:56:28.534222+00:00	GitLab Importer	Affected by	VCID-v2pq-1qhm-4qb9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42004.yml	38.0.0
2026-04-01T17:56:27.727187+00:00	GitLab Importer	Affected by	VCID-9h46-72hw-bkcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2022-42003.yml	38.0.0
2026-04-01T17:25:55.409015+00:00	GitLab Importer	Affected by	VCID-v6ek-y7cn-kycd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36518.yml	38.0.0
2026-04-01T17:17:54.370951+00:00	GitLab Importer	Affected by	VCID-cytp-mr4h-g3ds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36184.yml	38.0.0
2026-04-01T17:17:53.711783+00:00	GitLab Importer	Affected by	VCID-hwnx-vf4v-f3db	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-24616.yml	38.0.0
2026-04-01T17:17:53.001554+00:00	GitLab Importer	Affected by	VCID-ukwd-7rkh-sfhj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35728.yml	38.0.0
2026-04-01T17:17:51.448581+00:00	GitLab Importer	Affected by	VCID-jcgb-bewy-4kff	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36185.yml	38.0.0
2026-04-01T17:17:50.218926+00:00	GitLab Importer	Affected by	VCID-5te6-415m-c7df	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-24750.yml	38.0.0
2026-04-01T17:16:35.744733+00:00	GitLab Importer	Affected by	VCID-wds4-urpb-euby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36186.yml	38.0.0
2026-04-01T16:56:51.098092+00:00	GitLab Importer	Affected by	VCID-u87p-2xgz-e3fj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-36187.yml	38.0.0
2026-04-01T16:56:33.933464+00:00	GitLab Importer	Affected by	VCID-swqd-uk56-wkat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35491.yml	38.0.0
2026-04-01T16:56:33.285577+00:00	GitLab Importer	Affected by	VCID-ypbt-p34k-hfbc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-35490.yml	38.0.0
2026-04-01T16:56:01.323172+00:00	GitLab Importer	Affected by	VCID-w51e-ntqd-8bbg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-25649.yml	38.0.0
2026-04-01T16:46:12.727566+00:00	GitLab Importer	Affected by	VCID-uygc-h93v-vuh8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-14062.yml	38.0.0
2026-04-01T16:46:12.065283+00:00	GitLab Importer	Affected by	VCID-ze79-6kcg-nfcp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-14195.yml	38.0.0
2026-04-01T16:46:11.844807+00:00	GitLab Importer	Affected by	VCID-3qjf-azsa-fbek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-14060.yml	38.0.0
2026-04-01T16:46:04.746187+00:00	GitLab Importer	Affected by	VCID-pnt3-1ssq-tqau	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-14061.yml	38.0.0
2026-04-01T16:45:10.650714+00:00	GitLab Importer	Affected by	VCID-a5sk-5grx-eyaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11619.yml	38.0.0
2026-04-01T16:45:09.067516+00:00	GitLab Importer	Affected by	VCID-3wa1-khqf-x7fv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-10968.yml	38.0.0
2026-04-01T16:45:08.352855+00:00	GitLab Importer	Affected by	VCID-twvp-wxff-zka2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11113.yml	38.0.0
2026-04-01T16:44:28.732529+00:00	GitLab Importer	Affected by	VCID-wdgx-34uc-2qa4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-10672.yml	38.0.0
2026-04-01T16:44:28.525208+00:00	GitLab Importer	Affected by	VCID-x4fr-ena4-47fe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11620.yml	38.0.0
2026-04-01T16:44:27.857176+00:00	GitLab Importer	Affected by	VCID-9qdt-7p83-4yd8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-10969.yml	38.0.0
2026-04-01T16:43:50.607157+00:00	GitLab Importer	Affected by	VCID-tkej-jh51-s7g5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11112.yml	38.0.0
2026-04-01T16:43:49.820185+00:00	GitLab Importer	Affected by	VCID-2qzn-mkhg-1qh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-11111.yml	38.0.0
2026-04-01T16:43:24.469210+00:00	GitLab Importer	Affected by	VCID-5qfd-jjh1-d3fx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-10673.yml	38.0.0
2026-04-01T16:42:51.571036+00:00	GitLab Importer	Affected by	VCID-96pq-m4f3-zbad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2019-20330.yml	38.0.0
2026-04-01T16:42:48.473937+00:00	GitLab Importer	Affected by	VCID-xnyb-nuwm-pkdr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-8840.yml	38.0.0
2026-04-01T16:42:44.671898+00:00	GitLab Importer	Affected by	VCID-bydt-bkf4-rbh2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2020-9546.yml	38.0.0
2026-04-01T16:39:26.160498+00:00	GitLab Importer	Fixing	VCID-16af-yv1z-xufy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2019-17531.yml	38.0.0
2026-04-01T16:39:10.438550+00:00	GitLab Importer	Fixing	VCID-avut-gmwd-jqfp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2019-16942.yml	38.0.0
2026-04-01T16:39:09.471721+00:00	GitLab Importer	Fixing	VCID-8tmq-zbmb-m7h4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-databind/CVE-2019-16943.yml	38.0.0
2026-04-01T15:57:59.396466+00:00	GHSA Importer	Affected by	VCID-96pq-m4f3-zbad	https://github.com/advisories/GHSA-gww7-p5w4-wrfv	38.0.0
2026-04-01T15:57:45.789304+00:00	GHSA Importer	Fixing	VCID-16af-yv1z-xufy	https://github.com/advisories/GHSA-gjmw-vf9h-g25v	38.0.0
2026-04-01T15:57:45.628437+00:00	GHSA Importer	Fixing	VCID-8tmq-zbmb-m7h4	https://github.com/advisories/GHSA-fmmc-742q-jg75	38.0.0
2026-04-01T15:57:43.303429+00:00	GHSA Importer	Fixing	VCID-avut-gmwd-jqfp	https://github.com/advisories/GHSA-mx7p-6679-8g3q	38.0.0
2026-04-01T13:04:34.306455+00:00	GithubOSV Importer	Fixing	VCID-8tmq-zbmb-m7h4	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-fmmc-742q-jg75/GHSA-fmmc-742q-jg75.json	38.0.0
2026-04-01T13:04:33.207582+00:00	GithubOSV Importer	Fixing	VCID-16af-yv1z-xufy	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-gjmw-vf9h-g25v/GHSA-gjmw-vf9h-g25v.json	38.0.0
2026-04-01T13:04:03.606515+00:00	GithubOSV Importer	Fixing	VCID-avut-gmwd-jqfp	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-mx7p-6679-8g3q/GHSA-mx7p-6679-8g3q.json	38.0.0