Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.9?arch=el7
purl pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.9?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-2qzn-mkhg-1qh3
Aliases:
CVE-2020-11111
GHSA-v3xw-c963-f5hc
jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). There are no reported fixed by versions.
VCID-3wa1-khqf-x7fv
Aliases:
CVE-2020-10968
GHSA-rf6r-2c4q-2vwg
jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). There are no reported fixed by versions.
VCID-9qdt-7p83-4yd8
Aliases:
CVE-2020-10969
GHSA-758m-v56v-grj4
jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. There are no reported fixed by versions.
VCID-tkej-jh51-s7g5
Aliases:
CVE-2020-11112
GHSA-58pp-9c76-5625
jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). There are no reported fixed by versions.
VCID-twvp-wxff-zka2
Aliases:
CVE-2020-11113
GHSA-9vvp-fxw6-jcxr
jackson-databind mishandles the interaction between serialization gadgets and typing FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:10:14.104534+00:00 RedHat Importer Affected by VCID-9qdt-7p83-4yd8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10969.json 38.0.0
2026-04-01T14:09:32.575161+00:00 RedHat Importer Affected by VCID-3wa1-khqf-x7fv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10968.json 38.0.0
2026-04-01T14:09:30.611877+00:00 RedHat Importer Affected by VCID-2qzn-mkhg-1qh3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11111.json 38.0.0
2026-04-01T14:09:30.484798+00:00 RedHat Importer Affected by VCID-tkej-jh51-s7g5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11112.json 38.0.0
2026-04-01T14:09:28.272904+00:00 RedHat Importer Affected by VCID-twvp-wxff-zka2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11113.json 38.0.0