VulnerableCode Package Details - pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-3.redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-9v3p-qkzz-ukgg Aliases: CVE-2020-25644 GHSA-hxj4-885f-grgp	Wildfly-OpenSSL memory leak flaw A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.	There are no reported fixed by versions.
VCID-vdv3-7dwp-suab Aliases: CVE-2020-25638 GHSA-j8jw-g6fq-mp7h	SQL injection in hibernate-core A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.	There are no reported fixed by versions.
VCID-w51e-ntqd-8bbg Aliases: CVE-2020-25649 GHSA-288c-cq4h-88gq	XML External Entity (XXE) Injection in Jackson Databind A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-9v3p-qkzz-ukgg
Aliases:
CVE-2020-25644
GHSA-hxj4-885f-grgp

Wildfly-OpenSSL memory leak flaw A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

There are no reported fixed by versions.

VCID-vdv3-7dwp-suab
Aliases:
CVE-2020-25638
GHSA-j8jw-g6fq-mp7h

SQL injection in hibernate-core A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

There are no reported fixed by versions.

VCID-w51e-ntqd-8bbg
Aliases:
CVE-2020-25649
GHSA-288c-cq4h-88gq

XML External Entity (XXE) Injection in Jackson Databind A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:14:26.503812+00:00	RedHat Importer	Affected by	VCID-w51e-ntqd-8bbg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25649.json	38.0.0
2026-04-01T14:04:26.938681+00:00	RedHat Importer	Affected by	VCID-9v3p-qkzz-ukgg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25644.json	38.0.0
2026-04-01T14:04:21.153933+00:00	RedHat Importer	Affected by	VCID-vdv3-7dwp-suab	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25638.json	38.0.0