Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.10.0
purl pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.10.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-hwnx-vf4v-f3db Code Injection in jackson-databind This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). CVE-2020-24616
GHSA-h3cw-g4mq-c5x2

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:06:41.975217+00:00 GitLab Importer Fixing VCID-hwnx-vf4v-f3db https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2020-24616.yml 38.4.0
2026-04-11T22:18:16.568053+00:00 GitLab Importer Fixing VCID-hwnx-vf4v-f3db https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2020-24616.yml 38.3.0
2026-04-02T22:30:18.199934+00:00 GitLab Importer Fixing VCID-hwnx-vf4v-f3db https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2020-24616.yml 38.1.0
2026-04-01T16:48:25.164661+00:00 GitLab Importer Fixing VCID-hwnx-vf4v-f3db https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2020-24616.yml 38.0.0