Package details: pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.5?arch=el7
purl pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.5?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-2x39-rsxh-rkgw
Aliases:
CVE-2018-19362
GHSA-c8hm-7hpq-7jhg
Deserialization of Untrusted Data: FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `jboss-common-core` class from polymorphic deserialization. There are no reported fixed by versions.
VCID-5r6v-ej7d-ubgv
Aliases:
CVE-2018-12022
GHSA-cjjf-94ff-43w7
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. There are no reported fixed by versions.
VCID-6zee-aqcc-vfbp
Aliases:
CVE-2018-11307
GHSA-qr7j-h6gg-jmgc
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6. There are no reported fixed by versions.
VCID-75mz-c1ds-vqed
Aliases:
CVE-2018-14718
GHSA-645p-88qh-w398
Deserialization of Untrusted Data: FasterXML jackson-databind might allow remote attackers to execute arbitrary code by leveraging failure to block the `slf4j-ext` class from polymorphic deserialization. There are no reported fixed by versions.
VCID-fafy-ugq3-cfbn
Aliases:
CVE-2018-14721
GHSA-9mxf-g3x6-wv74
Server-Side Request Forgery (SSRF): FasterXML jackson-databind might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the `axis2-jaxws` class from polymorphic deserialization. There are no reported fixed by versions.
VCID-g6up-yqg8-nbep
Aliases:
CVE-2018-14719
GHSA-4gq5-ch57-c2mg
Deserialization of Untrusted Data: FasterXML jackson-databind might allow remote attackers to execute arbitrary code by leveraging failure to block the `blaze-ds-opt` and `blaze-ds-core` classes from polymorphic deserialization. There are no reported fixed by versions.
VCID-g8gt-d7gz-13e6
Aliases:
CVE-2018-19360
GHSA-f9hv-mg5h-xcw9
Deserialization of Untrusted Data: FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `axis2-transport-jms` class from polymorphic deserialization. There are no reported fixed by versions.
VCID-m7jp-7n22-4qg8
Aliases:
CVE-2018-19361
GHSA-mx9v-gmh4-mgqw
Deserialization of Untrusted Data: FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `openjpa` class from polymorphic deserialization. There are no reported fixed by versions.
VCID-sw29-epz3-g7ep
Aliases:
CVE-2018-14720
GHSA-x2w5-5m2g-7h5m
Improper Restriction of XML External Entity Reference: FasterXML jackson-databind might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. There are no reported fixed by versions.
VCID-zdwv-ycey-myfc
Aliases:
CVE-2018-12023
GHSA-6wqp-v4v6-c87c
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:24:53.684387+00:00 | RedHat Importer | Affected by | VCID-6zee-aqcc-vfbp | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11307.json | 38.0.0 |
| 2026-04-01T14:24:33.631026+00:00 | RedHat Importer | Affected by | VCID-5r6v-ej7d-ubgv | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12022.json | 38.0.0 |
| 2026-04-01T14:23:58.180849+00:00 | RedHat Importer | Affected by | VCID-zdwv-ycey-myfc | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12023.json | 38.0.0 |
| 2026-04-01T14:22:59.816312+00:00 | RedHat Importer | Affected by | VCID-fafy-ugq3-cfbn | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14721.json | 38.0.0 |
| 2026-04-01T14:22:57.349602+00:00 | RedHat Importer | Affected by | VCID-sw29-epz3-g7ep | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14720.json | 38.0.0 |
| 2026-04-01T14:22:56.566914+00:00 | RedHat Importer | Affected by | VCID-g6up-yqg8-nbep | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14719.json | 38.0.0 |
| 2026-04-01T14:22:56.520182+00:00 | RedHat Importer | Affected by | VCID-75mz-c1ds-vqed | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14718.json | 38.0.0 |
| 2026-04-01T14:21:35.136528+00:00 | RedHat Importer | Affected by | VCID-2x39-rsxh-rkgw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19362.json | 38.0.0 |
| 2026-04-01T14:21:35.090319+00:00 | RedHat Importer | Affected by | VCID-m7jp-7n22-4qg8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19361.json | 38.0.0 |
| 2026-04-01T14:21:35.046378+00:00 | RedHat Importer | Affected by | VCID-g8gt-d7gz-13e6 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19360.json | 38.0.0 |