Search for packages
| purl | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9h46-72hw-bkcr
Aliases: CVE-2022-42003 GHSA-jjjh-jjxp-wpff |
Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-v2pq-1qhm-4qb9
Aliases: CVE-2022-42004 GHSA-rgv9-q543-rqg4 |
Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-v6ek-y7cn-kycd
Aliases: CVE-2020-36518 GHSA-57j2-w4cx-62h2 |
Uncontrolled Resource Consumption jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4an1-3hs5-3yd6 | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. |
CVE-2020-36183
GHSA-9m6f-7xcq-8vf8 |
| VCID-4vx2-s262-ckbp | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`. |
CVE-2020-36188
GHSA-f9xh-2qgp-cq57 |
| VCID-7qga-wsz6-kqcn | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. |
CVE-2020-36182
GHSA-89qr-369f-5m5x |
| VCID-8ns6-kacn-dkeg | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. |
CVE-2020-36189
GHSA-vfqx-33qm-g869 |
| VCID-cytp-mr4h-g3ds | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. |
CVE-2020-36184
GHSA-m6x4-97wx-4q27 |
| VCID-gtzx-y5f1-vye3 | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`. |
CVE-2020-36181
GHSA-cvm9-fjm9-3572 |
| VCID-jcgb-bewy-4kff | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`. |
CVE-2020-36185
GHSA-8w26-6f25-cm9x |
| VCID-swqd-uk56-wkat | Serialization gadgets exploit in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. |
CVE-2020-35491
GHSA-r3gr-cxrf-hg25 |
| VCID-u87p-2xgz-e3fj | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. |
CVE-2020-36187
GHSA-r695-7vr9-jgc2 |
| VCID-uhnv-3cny-qkgx | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`. |
CVE-2020-36179
GHSA-9gph-22xh-8x98 |
| VCID-ukwd-7rkh-sfhj | Deserialization of Untrusted Data FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). |
CVE-2020-35728
GHSA-5r5r-6hpj-8gg9 |
| VCID-wds4-urpb-euby | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`. |
CVE-2020-36186
GHSA-v585-23hc-c647 |
| VCID-yp37-9z2d-akaj | Unsafe Deserialization in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. |
CVE-2020-36180
GHSA-8c4j-34r4-xr8g |
| VCID-ypbt-p34k-hfbc | Serialization gadgets exploit in jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. |
CVE-2020-35490
GHSA-wh8g-3j2c-rqj5 |