VulnerableCode Package Details - pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.8?arch=el7

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.8?arch=el7

purl	pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.8?arch=el7

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-16af-yv1z-xufy Aliases: CVE-2019-17531 GHSA-gjmw-vf9h-g25v	jackson-databind polymorphic typing issue A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 prior to 2.9.10.1, 2.8.11.5, and 2.6.7.3. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:15:49.307006+00:00	RedHat Importer	Affected by	VCID-16af-yv1z-xufy	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17531.json	38.0.0