Package Instance

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/74aba4042fce35ee0b91bd2847e788c10040d78b

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/74aba4042fce35ee0b91bd2847e788c10040d78b

reference_url

https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497

reference_url

https://github.com/FasterXML/jackson-databind/commit/9bb52c7122271df75435ec7e66ecf6b02b1ee14f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/9bb52c7122271df75435ec7e66ecf6b02b1ee14f

reference_url

https://github.com/FasterXML/jackson-databind/issues/2620

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2620

reference_url

https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r078e68a926ea6be12e8404e47f45aabf04bb4668e8265c0de41db6db@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1c09b9551f6953dbeca190a4c4b78198cdbb9825fce36f96fe3d8218@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1efc776fc6ce3387593deaa94bbdd296733b1b01408a39c8d1ab9e0e@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2fa8046bd47fb407ca09b5107a80fa6147ba4ebe879caae5c98b7657@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r319f19c74e06c201b9d4e8b282a4e4b2da6dcda022fb46f007dd00d3@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3539bd3a377991217d724879d239e16e86001c54160076408574e1da@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3d20a2660b36551fd8257d479941782af4a7169582449fac1704bde2@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r428d068b2a4923f1a5a4f5fc6381b95205cfe7620169d16db78e9c71@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r446646c5588b10f5e02409ad580b12f314869009cdfbf844ca395cec@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r46bebdeb59b8b7212d63a010ca445a9f5c4e9d64dcf693cab6f399d3@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5d8bea8e9d17b6efcf4a0e4e194e91ef46a99f505777a31a60da2b38@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r65ee95fa09c831843bac81eaa582fdddc2b6119912a72d1c83a9b882@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6fdd4c61a09a0c89f581b4ddb3dc6f154ab0c705fcfd0a7358b2e4e5@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7762d69e85c58d6948823424017ef4c08f47de077644277fa18cc116@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8170007fd9b263d65b37d92a7b5d7bc357aedbb113a32838bc4a9485@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r94930e39b60fff236160c1c4110fe884dc093044b067aa5fc98d7ee1@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9e59ebaf76fd00b2fa3ff5ebf18fe075ca9f4376216612c696f76718@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7@%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9ecf211c22760b00967ebe158c6ed7dba9142078e2a630ab8904a5b7@%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra275f29615f35d5b40106d1582a41e5388b2a5131564e9e01a572987@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rac5ee5d686818be7e7c430d35108ee01a88aae54f832d32f62431fd1@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb43f9a65150948a6bebd3cb77ee3e105d40db2820fd547528f4e7f89@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb5eedf90ba3633e171a2ffdfe484651c9490dc5df74c8a29244cbc0e@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb73708bf714ed6dbc1212da082e7703e586077f0c92f3940b2e82caf@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb99c7321eba5d4c907beec46675d52827528b738cfafd48eb4d862f1@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc717fd6c65190f4e592345713f9ef0723fb7d71f624caa2a17caa26a@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rcc72b497e3dff2dc62ec9b89ceb90bc4e1b14fc56c3c252a6fcbb013@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdea588d4a0ebf9cb7ce8c3a8f18d0d306507c4f8ba178dd3d20207b8@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdf311f13e6356297e0ffe74397fdd25a3687b0a16e687c3ff5b834d8@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdf8d389271a291dde3b2f99c36918d6cb1e796958af626cc140fee23@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re7326b8655eab931f2a9ce074fd9a1a51b5db11456bee9b48e1e170c@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re8ae2670ec456ef1c5a2a661a2838ab2cd00e9efa1e88c069f546f21@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf28ab6f224b48452afd567dfffb705fbda0fdbbf6535f6bc69d47e91@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a@%3Cdev.ranger.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfc1ccfe89332155b72ce17f13a2701d3e7b9ec213324ceb90e79a28a@%3Cdev.ranger.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html

reference_url

https://security.netapp.com/advisory/ntap-20200327-0002

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200327-0002

reference_url	https://security.netapp.com/advisory/ntap-20200327-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200327-0002/

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-01-fastjason-en

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1816330
reference_id	1816330
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1816330

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8840

reference_id

CVE-2020-8840

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8840

reference_url

https://github.com/advisories/GHSA-4w82-r329-3q67

reference_id

GHSA-4w82-r329-3q67

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4w82-r329-3q67

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2511
reference_id	RHSA-2020:2511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2511

reference_url	https://access.redhat.com/errata/RHSA-2020:2512
reference_id	RHSA-2020:2512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2512

reference_url	https://access.redhat.com/errata/RHSA-2020:2513
reference_id	RHSA-2020:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2513

reference_url	https://access.redhat.com/errata/RHSA-2020:2515
reference_id	RHSA-2020:2515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2515

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

reference_url	https://access.redhat.com/errata/RHSA-2025:1746
reference_id	RHSA-2025:1746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1746

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f28-qu3v-8fan

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.3

aliases CVE-2020-8840, GHSA-4w82-r329-3q67

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1cv6-91c6-57dn

url VCID-1mha-2k61-bbc8

vulnerability_id VCID-1mha-2k61-bbc8

summary

references

reference_url

https://access.redhat.com/errata/RHSA-2019:3901

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3901

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16942.json

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16942.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16942

reference_id

reference_type

scores

value	0.00426
scoring_system	epss
scoring_elements	0.62568
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b

reference_url

https://github.com/FasterXML/jackson-databind/commit/54aa38d87dcffa5ccc23e64922e9536c82c1b9c8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/54aa38d87dcffa5ccc23e64922e9536c82c1b9c8

reference_url

https://github.com/FasterXML/jackson-databind/commit/9593e16cf5a3d289a9c584f7123639655de9ddac

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/9593e16cf5a3d289a9c584f7123639655de9ddac

reference_url

https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f

reference_url

https://github.com/FasterXML/jackson-databind/issues/2478

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2478

reference_url

https://issues.apache.org/jira/browse/GEODE-7255

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/GEODE-7255

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191017-0006

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191017-0006

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1758187
reference_id	1758187
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1758187

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530
reference_id	941530
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16942

reference_id

CVE-2019-16942

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16942

reference_url

https://github.com/advisories/GHSA-mx7p-6679-8g3q

reference_id

GHSA-mx7p-6679-8g3q

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mx7p-6679-8g3q

reference_url	https://access.redhat.com/errata/RHSA-2020:0895
reference_id	RHSA-2020:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0895

reference_url	https://access.redhat.com/errata/RHSA-2020:0899
reference_id	RHSA-2020:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0899

reference_url	https://access.redhat.com/errata/RHSA-2020:0939
reference_id	RHSA-2020:0939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0939

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2321
reference_id	RHSA-2020:2321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2321

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

aliases CVE-2019-16942, GHSA-mx7p-6679-8g3q

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mha-2k61-bbc8

url VCID-2347-whvn-fffd

vulnerability_id VCID-2347-whvn-fffd

summary

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14892.json

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14892.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14892

reference_id

reference_type

scores

value	0.00897
scoring_system	epss
scoring_elements	0.75964
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14892

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/41b7f9b90149e9d44a65a8261a8deedc7186f6af

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/41b7f9b90149e9d44a65a8261a8deedc7186f6af

reference_url

https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b

reference_url

https://github.com/FasterXML/jackson-databind/issues/2462

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2462

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20200904-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200904-0005

reference_url	https://security.netapp.com/advisory/ntap-20200904-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200904-0005/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1758171
reference_id	1758171
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1758171

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14892

reference_id

CVE-2019-14892

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14892

reference_url

https://github.com/advisories/GHSA-cf6r-3wgc-h863

reference_id

GHSA-cf6r-3wgc-h863

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cf6r-3wgc-h863

reference_url	https://access.redhat.com/errata/RHSA-2020:0895
reference_id	RHSA-2020:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0895

reference_url	https://access.redhat.com/errata/RHSA-2020:0899
reference_id	RHSA-2020:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0899

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

aliases CVE-2019-14892, GHSA-cf6r-3wgc-h863

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2347-whvn-fffd

url VCID-2xg5-fq26-uubt

vulnerability_id VCID-2xg5-fq26-uubt

summary

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16335.json

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16335.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16335

reference_id

reference_type

scores

value	0.00669
scoring_system	epss
scoring_elements	0.71645
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db

reference_url

https://github.com/FasterXML/jackson-databind/issues/2449

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2449

reference_url

https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191004-0002

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191004-0002

reference_url	https://security.netapp.com/advisory/ntap-20191004-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20191004-0002/

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1755831
reference_id	1755831
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1755831

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498
reference_id	940498
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16335

reference_id

CVE-2019-16335

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16335

reference_url

https://github.com/advisories/GHSA-85cw-hj65-qqv9

reference_id

GHSA-85cw-hj65-qqv9

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-85cw-hj65-qqv9

reference_url	https://access.redhat.com/errata/RHSA-2020:0895
reference_id	RHSA-2020:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0895

reference_url	https://access.redhat.com/errata/RHSA-2020:0899
reference_id	RHSA-2020:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0899

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

aliases CVE-2019-16335, GHSA-85cw-hj65-qqv9

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xg5-fq26-uubt

url VCID-44eh-w63c-a3ee

vulnerability_id VCID-44eh-w63c-a3ee

summary

Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19360.json

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19360.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19360

reference_id

reference_type

scores

value	0.06827
scoring_system	epss
scoring_elements	0.9148
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086

reference_url

https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b

reference_url

https://github.com/FasterXML/jackson-databind/issues/2186

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2186

reference_url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8

reference_url

https://issues.apache.org/jira/browse/TINKERPOP-2121

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/TINKERPOP-2121

reference_url

https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url	https://security.netapp.com/advisory/ntap-20190530-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190530-0003/

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19360

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1666482
reference_id	1666482
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1666482

reference_url

reference_id

CVE-2018-19360

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19360

reference_url

https://github.com/advisories/GHSA-f9hv-mg5h-xcw9

reference_id

GHSA-f9hv-mg5h-xcw9

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-f9hv-mg5h-xcw9

reference_url	https://access.redhat.com/errata/RHSA-2020:2564
reference_id	RHSA-2020:2564
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2564

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

aliases CVE-2018-19360, GHSA-f9hv-mg5h-xcw9

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44eh-w63c-a3ee

url VCID-4rgp-mhnd-5ue2

vulnerability_id VCID-4rgp-mhnd-5ue2

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42004

reference_id

reference_type

scores

value	0.0025
scoring_system	epss
scoring_elements	0.48446
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42004

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88

reference_url

https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1

reference_url

https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252

reference_url

https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea

reference_url

https://github.com/FasterXML/jackson-databind/issues/3582

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/3582

reference_url

https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221118-0008

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221118-0008

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42004

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2135247
reference_id	2135247
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2135247

reference_url

reference_id

CVE-2022-42004

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42004

reference_url

https://github.com/advisories/GHSA-rgv9-q543-rqg4

reference_id

GHSA-rgv9-q543-rqg4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rgv9-q543-rqg4

reference_url	https://access.redhat.com/errata/RHSA-2022:7435
reference_id	RHSA-2022:7435
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7435

reference_url	https://access.redhat.com/errata/RHSA-2022:8781
reference_id	RHSA-2022:8781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8781

reference_url	https://access.redhat.com/errata/RHSA-2022:8876
reference_id	RHSA-2022:8876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8876

reference_url	https://access.redhat.com/errata/RHSA-2022:8889
reference_id	RHSA-2022:8889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8889

reference_url	https://access.redhat.com/errata/RHSA-2022:9023
reference_id	RHSA-2022:9023
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9023

reference_url	https://access.redhat.com/errata/RHSA-2022:9032
reference_id	RHSA-2022:9032
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9032

reference_url	https://access.redhat.com/errata/RHSA-2023:0189
reference_id	RHSA-2023:0189
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0189

reference_url	https://access.redhat.com/errata/RHSA-2023:0264
reference_id	RHSA-2023:0264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0264

reference_url	https://access.redhat.com/errata/RHSA-2023:0469
reference_id	RHSA-2023:0469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0469

reference_url	https://access.redhat.com/errata/RHSA-2023:0471
reference_id	RHSA-2023:0471
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0471

reference_url	https://access.redhat.com/errata/RHSA-2023:0552
reference_id	RHSA-2023:0552
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0552

reference_url	https://access.redhat.com/errata/RHSA-2023:0553
reference_id	RHSA-2023:0553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0553

reference_url	https://access.redhat.com/errata/RHSA-2023:0554
reference_id	RHSA-2023:0554
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0554

reference_url	https://access.redhat.com/errata/RHSA-2023:0556
reference_id	RHSA-2023:0556
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0556

reference_url	https://access.redhat.com/errata/RHSA-2023:0713
reference_id	RHSA-2023:0713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0713

reference_url	https://access.redhat.com/errata/RHSA-2023:1006
reference_id	RHSA-2023:1006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1006

reference_url	https://access.redhat.com/errata/RHSA-2023:1064
reference_id	RHSA-2023:1064
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1064

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

reference_url	https://access.redhat.com/errata/RHSA-2023:2100
reference_id	RHSA-2023:2100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2100

reference_url	https://access.redhat.com/errata/RHSA-2023:2135
reference_id	RHSA-2023:2135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2135

reference_url	https://access.redhat.com/errata/RHSA-2023:3223
reference_id	RHSA-2023:3223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3223

reference_url	https://access.redhat.com/errata/RHSA-2023:3641
reference_id	RHSA-2023:3641
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3641

reference_url	https://access.redhat.com/errata/RHSA-2023:3663
reference_id	RHSA-2023:3663
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3663

reference_url	https://access.redhat.com/errata/RHSA-2025:1746
reference_id	RHSA-2025:1746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1746

reference_url	https://access.redhat.com/errata/RHSA-2025:1747
reference_id	RHSA-2025:1747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1747

fixed_packages

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hwqa-xmru-zybc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4

aliases CVE-2022-42004, GHSA-rgv9-q543-rqg4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4rgp-mhnd-5ue2

url VCID-75xy-rcyz-augd

vulnerability_id VCID-75xy-rcyz-augd

summary

Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the `readValue` method of the `ObjectMapper`.

references

reference_url

https://access.redhat.com/errata/RHSA-2017:3189

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3189

reference_url

https://access.redhat.com/errata/RHSA-2017:3190

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3190

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0576

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0576

reference_url

https://access.redhat.com/errata/RHSA-2018:0577

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0577

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2927

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2927

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15095.json

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15095.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15095

reference_id

reference_type

scores

value	0.07891
scoring_system	epss
scoring_elements	0.92145
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15095

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/a054585e2175ad0882f07bcafedecfac86230f1b

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/a054585e2175ad0882f07bcafedecfac86230f1b

reference_url

https://github.com/FasterXML/jackson-databind/commit/a3939d36edcc755c8af55bdc1969e0fa8438f9db

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/a3939d36edcc755c8af55bdc1969e0fa8438f9db

reference_url

https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92

reference_url

https://github.com/FasterXML/jackson-databind/commit/e865a7a4464da63ded9f4b1a2328ad85c9ded78b

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/e865a7a4464da63ded9f4b1a2328ad85c9ded78b

reference_url

https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935

reference_url

https://github.com/FasterXML/jackson-databind/issues/1680

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/1680

reference_url

https://github.com/FasterXML/jackson-databind/issues/1737

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/1737

reference_url

https://github.com/tolbertam/jackson-databind/commit/80566a0f96b2003863f9d8f9ccc3b562001e147b

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/tolbertam/jackson-databind/commit/80566a0f96b2003863f9d8f9ccc3b562001e147b

reference_url

https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html

reference_url

https://security.netapp.com/advisory/ntap-20171214-0003

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20171214-0003

reference_url

https://web.archive.org/web/20200401000000*/http://www.securityfocus.com/bid/103880

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200401000000*/http://www.securityfocus.com/bid/103880

reference_url

https://web.archive.org/web/20201221192044/http://www.securitytracker.com/id/1039769

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201221192044/http://www.securitytracker.com/id/1039769

reference_url

https://www.debian.org/security/2017/dsa-4037

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2017/dsa-4037

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_url	http://www.securityfocus.com/bid/103880
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103880

reference_url	http://www.securitytracker.com/id/1039769
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039769

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1506612
reference_id	1506612
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1506612

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15095

reference_id

CVE-2017-15095

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15095

reference_url

https://github.com/advisories/GHSA-h592-38cm-4ggp

reference_id

GHSA-h592-38cm-4ggp

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h592-38cm-4ggp

reference_url	https://usn.ubuntu.com/4741-1/
reference_id	USN-4741-1
reference_type
scores
url	https://usn.ubuntu.com/4741-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.2

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-m4m4-m1xe-yfcq

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-mud8-r5hz-hkgd

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.2

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.10

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-m4m4-m1xe-yfcq

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-mud8-r5hz-hkgd

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.10

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-m4m4-m1xe-yfcq

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-mud8-r5hz-hkgd

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.0.pr1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.0.pr1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-m4m4-m1xe-yfcq

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-mud8-r5hz-hkgd

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.0.pr1

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-m4m4-m1xe-yfcq

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-mud8-r5hz-hkgd

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-m4m4-m1xe-yfcq

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4

aliases CVE-2017-15095, GHSA-h592-38cm-4ggp

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-75xy-rcyz-augd

url VCID-7uue-tq9n-s3e9

vulnerability_id VCID-7uue-tq9n-s3e9

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36187

reference_id

reference_type

scores

value	0.02335
scoring_system	epss
scoring_elements	0.8511
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36187

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1

reference_url

https://github.com/FasterXML/jackson-databind/issues/2997

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2997

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url	https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913933
reference_id	1913933
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913933

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36187

reference_id

CVE-2020-36187

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36187

reference_url

https://github.com/advisories/GHSA-r695-7vr9-jgc2

reference_id

GHSA-r695-7vr9-jgc2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r695-7vr9-jgc2

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-vqwq-ucrm-vucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

aliases CVE-2020-36187, GHSA-r695-7vr9-jgc2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7uue-tq9n-s3e9

url VCID-9a71-a3a7-jybg

vulnerability_id VCID-9a71-a3a7-jybg

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36185

reference_id

reference_type

scores

value	0.0295
scoring_system	epss
scoring_elements	0.86702
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36185

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a

reference_url

https://github.com/FasterXML/jackson-databind/issues/2998

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2998

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url	https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913929
reference_id	1913929
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913929

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36185

reference_id

CVE-2020-36185

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36185

reference_url

https://github.com/advisories/GHSA-8w26-6f25-cm9x

reference_id

GHSA-8w26-6f25-cm9x

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8w26-6f25-cm9x

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-vqwq-ucrm-vucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

aliases CVE-2020-36185, GHSA-8w26-6f25-cm9x

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9a71-a3a7-jybg

url VCID-9hq1-c81m-4kdb

vulnerability_id VCID-9hq1-c81m-4kdb

summary

Improper Input Validation
Fasterxml Jackson does not properly validate user input leading to a DoS. Specifically, deserializing malicious input of very large values in the nanoseconds field of a time value.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000873.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000873.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000873

reference_id

reference_type

scores

value	0.02189
scoring_system	epss
scoring_elements	0.84662
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000873

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1665601

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1665601

reference_url

https://github.com/FasterXML/jackson-modules-java8

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-modules-java8

reference_url

https://github.com/FasterXML/jackson-modules-java8/issues/90

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-modules-java8/issues/90

reference_url

https://github.com/FasterXML/jackson-modules-java8/pull/87

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-modules-java8/pull/87

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20200904-0004

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200904-0004

reference_url	https://security.netapp.com/advisory/ntap-20200904-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200904-0004/

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000873

reference_id

CVE-2018-1000873

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000873

reference_url

https://github.com/advisories/GHSA-h4x4-5qp2-wp46

reference_id

GHSA-h4x4-5qp2-wp46

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-h4x4-5qp2-wp46

reference_url	https://access.redhat.com/errata/RHSA-2020:5568
reference_id	RHSA-2020:5568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5568

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

aliases CVE-2018-1000873, GHSA-h4x4-5qp2-wp46

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hq1-c81m-4kdb

url VCID-c1xq-tfsz-m7e7

vulnerability_id VCID-c1xq-tfsz-m7e7

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20330.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20330.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20330

reference_id

reference_type

scores

value	0.01914
scoring_system	epss
scoring_elements	0.83615
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20330

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/eb254813cc822d0af015ce8fe05febf50721dc53

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/eb254813cc822d0af015ce8fe05febf50721dc53

reference_url

https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e

reference_url

https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2

reference_url

https://github.com/FasterXML/jackson-databind/issues/2526

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2526

reference_url

https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/02/msg00020.html

reference_url

https://security.netapp.com/advisory/ntap-20200127-0004

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200127-0004

reference_url	https://security.netapp.com/advisory/ntap-20200127-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200127-0004/

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1793154
reference_id	1793154
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1793154

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-20330

reference_id

CVE-2019-20330

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-20330

reference_url

https://github.com/advisories/GHSA-gww7-p5w4-wrfv

reference_id

GHSA-gww7-p5w4-wrfv

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gww7-p5w4-wrfv

reference_url	https://access.redhat.com/errata/RHSA-2020:0939
reference_id	RHSA-2020:0939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0939

reference_url	https://access.redhat.com/errata/RHSA-2020:0951
reference_id	RHSA-2020:0951
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0951

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.2

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.2

aliases CVE-2019-20330, GHSA-gww7-p5w4-wrfv

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1xq-tfsz-m7e7

url VCID-cqsm-dnc5-v3fm

vulnerability_id VCID-cqsm-dnc5-v3fm

summary

Deserialization of Untrusted Data
FasterXML jackson-databind might allow remote attackers to execute arbitrary code by leveraging failure to block the `slf4j-ext` class from polymorphic deserialization.

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14718.json

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14718.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14718

reference_id

reference_type

scores

value	0.14845
scoring_system	epss
scoring_elements	0.9463
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44

reference_url

https://github.com/FasterXML/jackson-databind/issues/2097

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2097

reference_url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url	https://security.netapp.com/advisory/ntap-20190530-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190530-0003/

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url

http://www.securityfocus.com/bid/106601

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106601

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1666415
reference_id	1666415
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1666415

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14718

reference_id

CVE-2018-14718

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14718

reference_url

https://github.com/advisories/GHSA-645p-88qh-w398

reference_id

GHSA-645p-88qh-w398

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-645p-88qh-w398

reference_url	https://access.redhat.com/errata/RHSA-2020:2564
reference_id	RHSA-2020:2564
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2564

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

aliases CVE-2018-14718, GHSA-645p-88qh-w398

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqsm-dnc5-v3fm

url VCID-e1e6-cdx6-53ch

vulnerability_id VCID-e1e6-cdx6-53ch

summary

Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `openjpa` class from polymorphic deserialization.

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19361.json

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19361.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19361

reference_id

reference_type

scores

value	0.02501
scoring_system	epss
scoring_elements	0.85592
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086

reference_url

https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b

reference_url

https://github.com/FasterXML/jackson-databind/issues/2186

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2186

reference_url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8

reference_url

https://issues.apache.org/jira/browse/TINKERPOP-2121

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/TINKERPOP-2121

reference_url

https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url	https://security.netapp.com/advisory/ntap-20190530-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190530-0003/

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19361

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1666484
reference_id	1666484
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1666484

reference_url

reference_id

CVE-2018-19361

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19361

reference_url

https://github.com/advisories/GHSA-mx9v-gmh4-mgqw

reference_id

GHSA-mx9v-gmh4-mgqw

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-mx9v-gmh4-mgqw

reference_url	https://access.redhat.com/errata/RHSA-2020:2564
reference_id	RHSA-2020:2564
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2564

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

aliases CVE-2018-19361, GHSA-mx9v-gmh4-mgqw

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e1e6-cdx6-53ch

url VCID-ef66-5m2v-hugd

vulnerability_id VCID-ef66-5m2v-hugd

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24750.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24750.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-24750

reference_id

reference_type

scores

value	0.02052
scoring_system	epss
scoring_elements	0.84164
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-24750

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb

reference_url

https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f

reference_url

https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b

reference_url

https://github.com/FasterXML/jackson-databind/issues/2798

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2798

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20201009-0003

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20201009-0003

reference_url	https://security.netapp.com/advisory/ntap-20201009-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20201009-0003/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1882310
reference_id	1882310
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1882310

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-24750

reference_id

CVE-2020-24750

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-24750

reference_url

https://github.com/advisories/GHSA-qjw2-hr98-qgfh

reference_id

GHSA-qjw2-hr98-qgfh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qjw2-hr98-qgfh

reference_url	https://access.redhat.com/errata/RHSA-2020:4173
reference_id	RHSA-2020:4173
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4173

reference_url	https://access.redhat.com/errata/RHSA-2020:5635
reference_id	RHSA-2020:5635
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5635

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6

aliases CVE-2020-24750, GHSA-qjw2-hr98-qgfh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ef66-5m2v-hugd

url VCID-eged-urty-t3c1

vulnerability_id VCID-eged-urty-t3c1

summary

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12023.json

reference_url

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12023.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12023

reference_id

reference_type

scores

value	0.04938
scoring_system	epss
scoring_elements	0.89787
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a

reference_url	https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a

reference_url

https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a

reference_url

https://github.com/FasterXML/jackson-databind/commit/bf261d404c2f79fd3406237710d40ebb03c99d84

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/bf261d404c2f79fd3406237710d40ebb03c99d84

reference_url

https://github.com/FasterXML/jackson-databind/issues/2058

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2058

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url

https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_url

http://www.securityfocus.com/bid/105659

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105659

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1671096
reference_id	1671096
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1671096

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12023

reference_id

CVE-2018-12023

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12023

reference_url

https://github.com/advisories/GHSA-6wqp-v4v6-c87c

reference_id

GHSA-6wqp-v4v6-c87c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6wqp-v4v6-c87c

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-mud8-r5hz-hkgd

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6

aliases CVE-2018-12023, GHSA-6wqp-v4v6-c87c

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eged-urty-t3c1

url VCID-esct-3rbr-tbey

vulnerability_id VCID-esct-3rbr-tbey

summary

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17267.json

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17267.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17267

reference_id

reference_type

scores

value	0.01228
scoring_system	epss
scoring_elements	0.79465
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17267

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb

reference_url

https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10

reference_url

https://github.com/FasterXML/jackson-databind/issues/2460

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2460

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8@%3Cdev.skywalking.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9d727fc681fb3828794acbefcaee31393742b4d73a29461ccd9597a8@%3Cdev.skywalking.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html

reference_url

https://security.netapp.com/advisory/ntap-20191017-0006

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191017-0006

reference_url	https://security.netapp.com/advisory/ntap-20191017-0006/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20191017-0006/

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1758167
reference_id	1758167
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1758167

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-17267

reference_id

CVE-2019-17267

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-17267

reference_url

https://github.com/advisories/GHSA-f3j5-rmmp-3fc5

reference_id

GHSA-f3j5-rmmp-3fc5

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f3j5-rmmp-3fc5

reference_url	https://access.redhat.com/errata/RHSA-2020:0895
reference_id	RHSA-2020:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0895

reference_url	https://access.redhat.com/errata/RHSA-2020:0899
reference_id	RHSA-2020:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0899

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2321
reference_id	RHSA-2020:2321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2321

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

aliases CVE-2019-17267, GHSA-f3j5-rmmp-3fc5

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-esct-3rbr-tbey

url VCID-g7ww-bshs-jyen

vulnerability_id VCID-g7ww-bshs-jyen

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36183

reference_id

reference_type

scores

value	0.02241
scoring_system	epss
scoring_elements	0.84838
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36183

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29

reference_url

https://github.com/FasterXML/jackson-databind/issues/3003

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/3003

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913927
reference_id	1913927
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913927

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36183

reference_id

CVE-2020-36183

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36183

reference_url

https://github.com/advisories/GHSA-9m6f-7xcq-8vf8

reference_id

GHSA-9m6f-7xcq-8vf8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9m6f-7xcq-8vf8

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-vqwq-ucrm-vucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

aliases CVE-2020-36183, GHSA-9m6f-7xcq-8vf8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g7ww-bshs-jyen

url VCID-hev2-k3fu-kbeh

vulnerability_id VCID-hev2-k3fu-kbeh

summary

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14540.json

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14540.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14540

reference_id

reference_type

scores

value	0.06454
scoring_system	epss
scoring_elements	0.91213
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14540

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x

reference_url

https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db

reference_url

https://github.com/FasterXML/jackson-databind/commit/d4983c740fec7d5576b207a8c30a63d3ea7443de

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/d4983c740fec7d5576b207a8c30a63d3ea7443de

reference_url

https://github.com/FasterXML/jackson-databind/issues/2410

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2410

reference_url

https://github.com/FasterXML/jackson-databind/issues/2449

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2449

reference_url

https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a4f2c9fb36642a48912cdec6836ec00e497427717c5d377f8d7ccce6@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191004-0002

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191004-0002

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1755849
reference_id	1755849
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1755849

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498
reference_id	940498
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940498

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14540

reference_id

CVE-2019-14540

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14540

reference_url

https://github.com/advisories/GHSA-h822-r4r5-v8jg

reference_id

GHSA-h822-r4r5-v8jg

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h822-r4r5-v8jg

reference_url	https://access.redhat.com/errata/RHSA-2020:0895
reference_id	RHSA-2020:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0895

reference_url	https://access.redhat.com/errata/RHSA-2020:0899
reference_id	RHSA-2020:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0899

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2321
reference_id	RHSA-2020:2321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2321

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

aliases CVE-2019-14540, GHSA-h822-r4r5-v8jg

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hev2-k3fu-kbeh

url VCID-hwqa-xmru-zybc

vulnerability_id VCID-hwqa-xmru-zybc

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42003

reference_id

reference_type

scores

value	0.00317
scoring_system	epss
scoring_elements	0.55055
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42003

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x

reference_url

https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1

reference_url

https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288

reference_url

https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc

reference_url

https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea

reference_url

https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45

reference_url

https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33

reference_url

https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2

reference_url

https://github.com/FasterXML/jackson-databind/issues/3590

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/3590

reference_url

https://github.com/FasterXML/jackson-databind/issues/3627

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/3627

reference_url

https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221124-0004

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221124-0004

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42003

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2135244
reference_id	2135244
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2135244

reference_url

reference_id

CVE-2022-42003

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-42003

reference_url

https://github.com/advisories/GHSA-jjjh-jjxp-wpff

reference_id

GHSA-jjjh-jjxp-wpff

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jjjh-jjxp-wpff

reference_url	https://access.redhat.com/errata/RHSA-2022:7435
reference_id	RHSA-2022:7435
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7435

reference_url	https://access.redhat.com/errata/RHSA-2022:8781
reference_id	RHSA-2022:8781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8781

reference_url	https://access.redhat.com/errata/RHSA-2022:8876
reference_id	RHSA-2022:8876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8876

reference_url	https://access.redhat.com/errata/RHSA-2022:8889
reference_id	RHSA-2022:8889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8889

reference_url	https://access.redhat.com/errata/RHSA-2022:9023
reference_id	RHSA-2022:9023
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9023

reference_url	https://access.redhat.com/errata/RHSA-2022:9032
reference_id	RHSA-2022:9032
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:9032

reference_url	https://access.redhat.com/errata/RHSA-2023:0189
reference_id	RHSA-2023:0189
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0189

reference_url	https://access.redhat.com/errata/RHSA-2023:0261
reference_id	RHSA-2023:0261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0261

reference_url	https://access.redhat.com/errata/RHSA-2023:0264
reference_id	RHSA-2023:0264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0264

reference_url	https://access.redhat.com/errata/RHSA-2023:0469
reference_id	RHSA-2023:0469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0469

reference_url	https://access.redhat.com/errata/RHSA-2023:0471
reference_id	RHSA-2023:0471
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0471

reference_url	https://access.redhat.com/errata/RHSA-2023:0552
reference_id	RHSA-2023:0552
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0552

reference_url	https://access.redhat.com/errata/RHSA-2023:0553
reference_id	RHSA-2023:0553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0553

reference_url	https://access.redhat.com/errata/RHSA-2023:0554
reference_id	RHSA-2023:0554
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0554

reference_url	https://access.redhat.com/errata/RHSA-2023:0556
reference_id	RHSA-2023:0556
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0556

reference_url	https://access.redhat.com/errata/RHSA-2023:0713
reference_id	RHSA-2023:0713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0713

reference_url	https://access.redhat.com/errata/RHSA-2023:1006
reference_id	RHSA-2023:1006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1006

reference_url	https://access.redhat.com/errata/RHSA-2023:1064
reference_id	RHSA-2023:1064
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1064

reference_url	https://access.redhat.com/errata/RHSA-2023:1151
reference_id	RHSA-2023:1151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1151

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

reference_url	https://access.redhat.com/errata/RHSA-2023:2100
reference_id	RHSA-2023:2100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2100

reference_url	https://access.redhat.com/errata/RHSA-2023:2135
reference_id	RHSA-2023:2135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2135

reference_url	https://access.redhat.com/errata/RHSA-2023:3223
reference_id	RHSA-2023:3223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3223

reference_url	https://access.redhat.com/errata/RHSA-2023:3641
reference_id	RHSA-2023:3641
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3641

reference_url	https://access.redhat.com/errata/RHSA-2023:3663
reference_id	RHSA-2023:3663
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3663

reference_url	https://access.redhat.com/errata/RHSA-2025:1746
reference_id	RHSA-2025:1746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1746

reference_url	https://access.redhat.com/errata/RHSA-2025:1747
reference_id	RHSA-2025:1747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1747

fixed_packages

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2

aliases CVE-2022-42003, GHSA-jjjh-jjxp-wpff

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwqa-xmru-zybc

url VCID-m4m4-m1xe-yfcq

vulnerability_id VCID-m4m4-m1xe-yfcq

summary

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1786

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1786

reference_url

https://access.redhat.com/errata/RHSA-2018:2088

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2088

reference_url

https://access.redhat.com/errata/RHSA-2018:2089

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2089

reference_url

https://access.redhat.com/errata/RHSA-2018:2090

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2090

reference_url

https://access.redhat.com/errata/RHSA-2018:2938

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2938

reference_url

https://access.redhat.com/errata/RHSA-2018:2939

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2939

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7489.json

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7489.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7489

reference_id

reference_type

scores

value	0.36207
scoring_system	epss
scoring_elements	0.97183
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7489

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2

reference_url	https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2

reference_url

https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d

reference_url

https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc

reference_url

https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6

reference_url	https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92

reference_url

https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d

reference_url	https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935

reference_url

https://github.com/FasterXML/jackson-databind/issues/1931

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/1931

reference_url

https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20180328-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180328-0001

reference_url	https://security.netapp.com/advisory/ntap-20180328-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180328-0001/

reference_url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us

reference_url

https://www.debian.org/security/2018/dsa-4190

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4190

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_url	http://www.securityfocus.com/bid/103203
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103203

reference_url	http://www.securitytracker.com/id/1040693
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040693

reference_url	http://www.securitytracker.com/id/1041890
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041890

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1549276
reference_id	1549276
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1549276

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891614
reference_id	891614
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891614

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-7489

reference_id

CVE-2018-7489

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-7489

reference_url

https://github.com/advisories/GHSA-cggj-fvv3-cqwv

reference_id

GHSA-cggj-fvv3-cqwv

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-cggj-fvv3-cqwv

reference_url	https://access.redhat.com/errata/RHSA-2020:2562
reference_id	RHSA-2020:2562
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2562

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-mud8-r5hz-hkgd

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zegx-9gp4-b7e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zegx-9gp4-b7e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5

aliases CVE-2018-7489, GHSA-cggj-fvv3-cqwv

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4m4-m1xe-yfcq

url VCID-mc77-ht3b-53aa

vulnerability_id VCID-mc77-ht3b-53aa

summary

Improper Restriction of XML External Entity Reference
FasterXML jackson-databind might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14720.json

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14720.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14720

reference_id

reference_type

scores

value	0.03437
scoring_system	epss
scoring_elements	0.87689
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086

reference_url

https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44

reference_url

https://github.com/FasterXML/jackson-databind/issues/2097

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2097

reference_url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url	https://security.netapp.com/advisory/ntap-20190530-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190530-0003/

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1666423
reference_id	1666423
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1666423

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14720

reference_id

CVE-2018-14720

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14720

reference_url

https://github.com/advisories/GHSA-x2w5-5m2g-7h5m

reference_id

GHSA-x2w5-5m2g-7h5m

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-x2w5-5m2g-7h5m

reference_url	https://access.redhat.com/errata/RHSA-2020:2564
reference_id	RHSA-2020:2564
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2564

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

aliases CVE-2018-14720, GHSA-x2w5-5m2g-7h5m

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mc77-ht3b-53aa

url VCID-mcbm-vdxz-hybw

vulnerability_id VCID-mcbm-vdxz-hybw

summary

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11307.json

reference_url

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11307.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11307

reference_id

reference_type

scores

value	0.12722
scoring_system	epss
scoring_elements	0.94111
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11307

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/051bd5e447fbc9539e12a4fe90eb989dba0c656

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/051bd5e447fbc9539e12a4fe90eb989dba0c656

reference_url

https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb73

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb73

reference_url

https://github.com/FasterXML/jackson-databind/commit/78e78738d69adcb59fdac9fc12d9053ce8809f3d

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/78e78738d69adcb59fdac9fc12d9053ce8809f3d

reference_url

https://github.com/FasterXML/jackson-databind/issues/2032

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2032

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1677341
reference_id	1677341
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1677341

reference_url

reference_id

CVE-2017-7525

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11307

reference_url

reference_id

CVE-2018-11307

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11307

reference_url

https://github.com/advisories/GHSA-qr7j-h6gg-jmgc

reference_id

GHSA-qr7j-h6gg-jmgc

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qr7j-h6gg-jmgc

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-mud8-r5hz-hkgd

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6

aliases CVE-2018-11307, GHSA-qr7j-h6gg-jmgc

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mcbm-vdxz-hybw

url VCID-mn3y-jft1-nueb

vulnerability_id VCID-mn3y-jft1-nueb

summary

Deserialization of Untrusted Data
FasterXML jackson-databind might allow remote attackers to execute arbitrary code by leveraging failure to block the `blaze-ds-opt` and `blaze-ds-core` classes from polymorphic deserialization.

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14719.json

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14719.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14719

reference_id

reference_type

scores

value	0.03554
scoring_system	epss
scoring_elements	0.87897
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14719

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44

reference_url

https://github.com/FasterXML/jackson-databind/issues/2097

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2097

reference_url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url	https://security.netapp.com/advisory/ntap-20190530-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190530-0003/

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1666418
reference_id	1666418
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1666418

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14719

reference_id

CVE-2018-14719

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14719

reference_url

https://github.com/advisories/GHSA-4gq5-ch57-c2mg

reference_id

GHSA-4gq5-ch57-c2mg

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4gq5-ch57-c2mg

reference_url	https://access.redhat.com/errata/RHSA-2020:2564
reference_id	RHSA-2020:2564
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2564

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

aliases CVE-2018-14719, GHSA-4gq5-ch57-c2mg

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mn3y-jft1-nueb

url VCID-mp7y-npdu-kqbx

vulnerability_id VCID-mp7y-npdu-kqbx

summary

references

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14893.json

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14893.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14893

reference_id

reference_type

scores

value	0.00983
scoring_system	epss
scoring_elements	0.77105
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14893

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893

reference_url

https://github.com/FasterXML/jackson-databind/commit/998efd708284778f29d83d7962a9bd935c228317

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/998efd708284778f29d83d7962a9bd935c228317

reference_url

https://github.com/FasterXML/jackson-databind/issues/2469

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2469

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20200327-0006

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200327-0006

reference_url	https://security.netapp.com/advisory/ntap-20200327-0006/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200327-0006/

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1758182
reference_id	1758182
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1758182

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14893

reference_id

CVE-2019-14893

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14893

reference_url

https://github.com/advisories/GHSA-qmqc-x3r4-6v39

reference_id

GHSA-qmqc-x3r4-6v39

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qmqc-x3r4-6v39

reference_url	https://access.redhat.com/errata/RHSA-2020:0895
reference_id	RHSA-2020:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0895

reference_url	https://access.redhat.com/errata/RHSA-2020:0899
reference_id	RHSA-2020:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0899

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10

aliases CVE-2019-14893, GHSA-qmqc-x3r4-6v39

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mp7y-npdu-kqbx

url VCID-mud8-r5hz-hkgd

vulnerability_id VCID-mud8-r5hz-hkgd

summary

references

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1525

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:1525

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5968.json

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5968.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5968

reference_id

reference_type

scores

value	0.01965
scoring_system	epss
scoring_elements	0.83821
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d0

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d0

reference_url

https://github.com/FasterXML/jackson-databind/commit/03ea0bec6293d4330b5ad19d1d62aca0e3cb6381

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/03ea0bec6293d4330b5ad19d1d62aca0e3cb6381

reference_url

https://github.com/FasterXML/jackson-databind/commit/454be8bb8c913be18298327a84ca45a280b61605

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/454be8bb8c913be18298327a84ca45a280b61605

reference_url

https://github.com/FasterXML/jackson-databind/issues/1899

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/1899

reference_url

https://github.com/GulajavaMinistudio/jackson-databind/pull/92/commits/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/GulajavaMinistudio/jackson-databind/pull/92/commits/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05

reference_url

https://security.netapp.com/advisory/ntap-20180423-0002

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180423-0002

reference_url	https://security.netapp.com/advisory/ntap-20180423-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180423-0002/

reference_url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us

reference_url

https://www.debian.org/security/2018/dsa-4114

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4114

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1538332
reference_id	1538332
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1538332

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888316
reference_id	888316
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888316

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5968

reference_id

CVE-2018-5968

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5968

reference_url

https://github.com/advisories/GHSA-w3f4-3q6j-rh82

reference_id

GHSA-w3f4-3q6j-rh82

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w3f4-3q6j-rh82

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zegx-9gp4-b7e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.1

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-m4m4-m1xe-yfcq

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.4

aliases CVE-2018-5968, GHSA-w3f4-3q6j-rh82

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mud8-r5hz-hkgd

url VCID-nqvs-41ex-87a8

vulnerability_id VCID-nqvs-41ex-87a8

summary

Code Injection in jackson-databind
This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24616.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24616.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-24616

reference_id

reference_type

scores

value	0.02908
scoring_system	epss
scoring_elements	0.86614
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-24616

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7

reference_url

https://github.com/FasterXML/jackson-databind/issues/2814

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2814

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200904-0006

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200904-0006

reference_url	https://security.netapp.com/advisory/ntap-20200904-0006/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200904-0006/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1872707
reference_id	1872707
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1872707

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-24616

reference_id

CVE-2020-24616

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-24616

reference_url

https://github.com/advisories/GHSA-h3cw-g4mq-c5x2

reference_id

GHSA-h3cw-g4mq-c5x2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h3cw-g4mq-c5x2

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6

aliases CVE-2020-24616, GHSA-h3cw-g4mq-c5x2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqvs-41ex-87a8

url VCID-prst-mb6z-1fe2

vulnerability_id VCID-prst-mb6z-1fe2

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36186

reference_id

reference_type

scores

value	0.02623
scoring_system	epss
scoring_elements	0.85929
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36186

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1

reference_url

https://github.com/FasterXML/jackson-databind/issues/2997

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2997

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url	https://security.netapp.com/advisory/ntap-20210205-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913931
reference_id	1913931
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913931

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36186

reference_id

CVE-2020-36186

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36186

reference_url

https://github.com/advisories/GHSA-v585-23hc-c647

reference_id

GHSA-v585-23hc-c647

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v585-23hc-c647

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-vqwq-ucrm-vucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

aliases CVE-2020-36186, GHSA-v585-23hc-c647

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prst-mb6z-1fe2

url VCID-rm5e-f5qv-47ce

vulnerability_id VCID-rm5e-f5qv-47ce

summary

Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35728

reference_id

reference_type

scores

value	0.42315
scoring_system	epss
scoring_elements	0.97513
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35728

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84

reference_url

https://github.com/FasterXML/jackson-databind/issues/2999

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://github.com/FasterXML/jackson-databind/issues/2999

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20210129-0007

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210129-0007

reference_url

https://security.netapp.com/advisory/ntap-20210129-0007/

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://security.netapp.com/advisory/ntap-20210129-0007/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1911502
reference_id	1911502
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1911502

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-35728

reference_id

CVE-2020-35728

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-35728

reference_url

https://github.com/advisories/GHSA-5r5r-6hpj-8gg9

reference_id

GHSA-5r5r-6hpj-8gg9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5r5r-6hpj-8gg9

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-vqwq-ucrm-vucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

aliases CVE-2020-35728, GHSA-5r5r-6hpj-8gg9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rm5e-f5qv-47ce

url VCID-s9jx-v8jb-zkhs

vulnerability_id VCID-s9jx-v8jb-zkhs

summary

references

reference_url

https://access.redhat.com/errata/RHSA-2017:1834

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1834

reference_url

https://access.redhat.com/errata/RHSA-2017:1835

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1835

reference_url

https://access.redhat.com/errata/RHSA-2017:1836

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1836

reference_url

https://access.redhat.com/errata/RHSA-2017:1837

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1837

reference_url

https://access.redhat.com/errata/RHSA-2017:1839

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1839

reference_url

https://access.redhat.com/errata/RHSA-2017:1840

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1840

reference_url

https://access.redhat.com/errata/RHSA-2017:2477

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:2477

reference_url

https://access.redhat.com/errata/RHSA-2017:2546

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:2546

reference_url

https://access.redhat.com/errata/RHSA-2017:2547

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:2547

reference_url

https://access.redhat.com/errata/RHSA-2017:2633

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:2633

reference_url

https://access.redhat.com/errata/RHSA-2017:2635

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:2635

reference_url

https://access.redhat.com/errata/RHSA-2017:2636

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:2636

reference_url

https://access.redhat.com/errata/RHSA-2017:2637

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:2637

reference_url

https://access.redhat.com/errata/RHSA-2017:2638

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:2638

reference_url

https://access.redhat.com/errata/RHSA-2017:3141

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3141

reference_url

https://access.redhat.com/errata/RHSA-2017:3454

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3454

reference_url

https://access.redhat.com/errata/RHSA-2017:3455

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3455

reference_url

https://access.redhat.com/errata/RHSA-2017:3456

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3456

reference_url

https://access.redhat.com/errata/RHSA-2017:3458

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3458

reference_url

https://access.redhat.com/errata/RHSA-2018:0294

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0294

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0910

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0910

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7525.json

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7525.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7525

reference_id

reference_type

scores

value	0.82379
scoring_system	epss
scoring_elements	0.99244
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7525

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1462702

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1462702

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-055

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-055

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3bfbb835e530055c1941ddf87fde0b08d08dcd38

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3bfbb835e530055c1941ddf87fde0b08d08dcd38

reference_url

https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1

reference_url

https://github.com/FasterXML/jackson-databind/commit/680d75b011edd67a2d2a2e9980998a968194c2ef

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/680d75b011edd67a2d2a2e9980998a968194c2ef

reference_url

https://github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c1

reference_url

https://github.com/FasterXML/jackson-databind/commit/90042692085deeb05ae75c569c9909f7dba24415

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/90042692085deeb05ae75c569c9909f7dba24415

reference_url	https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/commit/ddfddfba6414adbecaff99684ef66eebd3a92e92

reference_url	https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/commit/e8f043d1aac9b82eee907e0f0c3abbdea723a935

reference_url

https://github.com/FasterXML/jackson-databind/commit/fa87c1ddbe803ebb7295f5c2ebfe38e12f6e6162

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/fa87c1ddbe803ebb7295f5c2ebfe38e12f6e6162

reference_url

https://github.com/FasterXML/jackson-databind/commit/fd8dec2c7fab8b4b4bd60502a0f1d63ec23c24da

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/fd8dec2c7fab8b4b4bd60502a0f1d63ec23c24da

reference_url

https://github.com/FasterXML/jackson-databind/issues/1599

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/1599

reference_url

https://github.com/FasterXML/jackson-databind/issues/1723

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/1723

reference_url	https://github.com/FasterXML/jackson-databind/issues/1737
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/issues/1737

reference_url

https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html

reference_url

https://security.netapp.com/advisory/ntap-20171214-0002

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20171214-0002

reference_url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us

reference_url

https://www.debian.org/security/2017/dsa-4004

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2017/dsa-4004

reference_url	https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true
reference_id
reference_type
scores
url	https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_url	http://www.securityfocus.com/bid/99623
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99623

reference_url	http://www.securitytracker.com/id/1039744
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039744

reference_url	http://www.securitytracker.com/id/1039947
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039947

reference_url	http://www.securitytracker.com/id/1040360
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1040360

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870848
reference_id	870848
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870848

reference_url

reference_id

CVE-2017-7525

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-qxxx-2pp7-5hmx

reference_url

reference_id

GHSA-qxxx-2pp7-5hmx

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-qxxx-2pp7-5hmx

reference_url	https://usn.ubuntu.com/4741-1/
reference_id	USN-4741-1
reference_type
scores
url	https://usn.ubuntu.com/4741-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-75xy-rcyz-augd

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-m4m4-m1xe-yfcq

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-mud8-r5hz-hkgd

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.1

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-75xy-rcyz-augd

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-eged-urty-t3c1

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-m4m4-m1xe-yfcq

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mcbm-vdxz-hybw

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-mud8-r5hz-hkgd

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-vzuh-xhe1-xbhz

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9

aliases CVE-2017-7525, GHSA-qxxx-2pp7-5hmx

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s9jx-v8jb-zkhs

url VCID-tj9e-eahq-zqd8

vulnerability_id VCID-tj9e-eahq-zqd8

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10969.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10969.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10969

reference_id

reference_type

scores

value	0.01035
scoring_system	epss
scoring_elements	0.77684
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/6ba48457984943df0de92c54144f7dcae01b1221

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/6ba48457984943df0de92c54144f7dcae01b1221

reference_url

https://github.com/FasterXML/jackson-databind/issues/2642

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/

url

https://github.com/FasterXML/jackson-databind/issues/2642

reference_url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/

url

https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200403-0002

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1819212
reference_id	1819212
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1819212

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10969

reference_id

CVE-2020-10969

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10969

reference_url

https://github.com/advisories/GHSA-758m-v56v-grj4

reference_id

GHSA-758m-v56v-grj4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-758m-v56v-grj4

reference_url	https://access.redhat.com/errata/RHSA-2020:1523
reference_id	RHSA-2020:1523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1523

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2020:3196
reference_id	RHSA-2020:3196
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3196

reference_url	https://access.redhat.com/errata/RHSA-2020:3197
reference_id	RHSA-2020:3197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3197

reference_url	https://access.redhat.com/errata/RHSA-2020:3779
reference_id	RHSA-2020:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3779

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.6

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.6

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4

aliases CVE-2020-10969, GHSA-758m-v56v-grj4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tj9e-eahq-zqd8

url VCID-u4zm-4hr7-7ubk

vulnerability_id VCID-u4zm-4hr7-7ubk

summary

references

reference_url

https://access.redhat.com/errata/RHSA-2019:4192

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4192

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17531.json

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17531.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17531

reference_id

reference_type

scores

value	0.01223
scoring_system	epss
scoring_elements	0.79422
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17531

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0

reference_url

https://github.com/FasterXML/jackson-databind/issues/2498

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2498

reference_url

https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

https://security.netapp.com/advisory/ntap-20191024-0005

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191024-0005

reference_url	https://security.netapp.com/advisory/ntap-20191024-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20191024-0005/

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1775293
reference_id	1775293
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1775293

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-17531

reference_id

CVE-2019-17531

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-17531

reference_url

https://github.com/advisories/GHSA-gjmw-vf9h-g25v

reference_id

GHSA-gjmw-vf9h-g25v

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gjmw-vf9h-g25v

reference_url	https://access.redhat.com/errata/RHSA-2020:0895
reference_id	RHSA-2020:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0895

reference_url	https://access.redhat.com/errata/RHSA-2020:0899
reference_id	RHSA-2020:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0899

reference_url	https://access.redhat.com/errata/RHSA-2020:0939
reference_id	RHSA-2020:0939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0939

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://access.redhat.com/errata/RHSA-2024:5856
reference_id	RHSA-2024:5856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5856

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

aliases CVE-2019-17531, GHSA-gjmw-vf9h-g25v

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4zm-4hr7-7ubk

url VCID-v4na-3ff4-tucj

vulnerability_id VCID-v4na-3ff4-tucj

summary

Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `jboss-common-core` class from polymorphic deserialization.

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19362.json

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19362.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19362

reference_id

reference_type

scores

value	0.04233
scoring_system	epss
scoring_elements	0.88952
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b

reference_url

https://github.com/FasterXML/jackson-databind/commit/72cd4025a229fb28ec133235003dd4616f70afaa

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/72cd4025a229fb28ec133235003dd4616f70afaa

reference_url

https://github.com/FasterXML/jackson-databind/issues/2186

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2186

reference_url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8

reference_url

https://issues.apache.org/jira/browse/TINKERPOP-2121

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/TINKERPOP-2121

reference_url

https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19362

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1666489
reference_id	1666489
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1666489

reference_url

reference_id

CVE-2018-19362

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19362

reference_url

https://github.com/advisories/GHSA-c8hm-7hpq-7jhg

reference_id

GHSA-c8hm-7hpq-7jhg

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-c8hm-7hpq-7jhg

reference_url	https://access.redhat.com/errata/RHSA-2020:2564
reference_id	RHSA-2020:2564
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2564

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

aliases CVE-2018-19362, GHSA-c8hm-7hpq-7jhg

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4na-3ff4-tucj

url VCID-vqwq-ucrm-vucy

vulnerability_id VCID-vqwq-ucrm-vucy

summary

Uncontrolled Resource Consumption
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36518

reference_id

reference_type

scores

value	0.00487
scoring_system	epss
scoring_elements	0.65734
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36518

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de

reference_url

https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b

reference_url

https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd

reference_url

https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126

reference_url

https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b

reference_url

https://github.com/FasterXML/jackson-databind/issues/2816

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/

url

https://github.com/FasterXML/jackson-databind/issues/2816

reference_url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12

reference_url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13

reference_url

https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/

url

https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/

url

https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html

reference_url

https://security.netapp.com/advisory/ntap-20220506-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220506-0004

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109
reference_id	1007109
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064698
reference_id	2064698
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064698

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36518

reference_id

CVE-2020-36518

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36518

reference_url

https://github.com/advisories/GHSA-57j2-w4cx-62h2

reference_id

GHSA-57j2-w4cx-62h2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-57j2-w4cx-62h2

reference_url

https://security.netapp.com/advisory/ntap-20220506-0004/

reference_id

ntap-20220506-0004

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/

url

https://security.netapp.com/advisory/ntap-20220506-0004/

reference_url	https://access.redhat.com/errata/RHSA-2022:2232
reference_id	RHSA-2022:2232
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:2232

reference_url	https://access.redhat.com/errata/RHSA-2022:4918
reference_id	RHSA-2022:4918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4918

reference_url	https://access.redhat.com/errata/RHSA-2022:4919
reference_id	RHSA-2022:4919
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4919

reference_url	https://access.redhat.com/errata/RHSA-2022:4922
reference_id	RHSA-2022:4922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:4922

reference_url	https://access.redhat.com/errata/RHSA-2022:5029
reference_id	RHSA-2022:5029
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5029

reference_url	https://access.redhat.com/errata/RHSA-2022:5101
reference_id	RHSA-2022:5101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5101

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

reference_url	https://access.redhat.com/errata/RHSA-2022:5596
reference_id	RHSA-2022:5596
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5596

reference_url	https://access.redhat.com/errata/RHSA-2022:6407
reference_id	RHSA-2022:6407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6407

reference_url	https://access.redhat.com/errata/RHSA-2022:6782
reference_id	RHSA-2022:6782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6782

reference_url	https://access.redhat.com/errata/RHSA-2022:6783
reference_id	RHSA-2022:6783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6783

reference_url	https://access.redhat.com/errata/RHSA-2022:6787
reference_id	RHSA-2022:6787
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6787

reference_url	https://access.redhat.com/errata/RHSA-2022:6819
reference_id	RHSA-2022:6819
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6819

reference_url	https://access.redhat.com/errata/RHSA-2022:7409
reference_id	RHSA-2022:7409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7409

reference_url	https://access.redhat.com/errata/RHSA-2022:7410
reference_id	RHSA-2022:7410
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7410

reference_url	https://access.redhat.com/errata/RHSA-2022:7411
reference_id	RHSA-2022:7411
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7411

reference_url	https://access.redhat.com/errata/RHSA-2022:7417
reference_id	RHSA-2022:7417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7417

reference_url	https://access.redhat.com/errata/RHSA-2022:7435
reference_id	RHSA-2022:7435
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7435

reference_url	https://access.redhat.com/errata/RHSA-2022:8781
reference_id	RHSA-2022:8781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8781

reference_url	https://access.redhat.com/errata/RHSA-2022:8889
reference_id	RHSA-2022:8889
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8889

reference_url	https://access.redhat.com/errata/RHSA-2023:0264
reference_id	RHSA-2023:0264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0264

reference_url	https://access.redhat.com/errata/RHSA-2023:2312
reference_id	RHSA-2023:2312
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2312

reference_url	https://access.redhat.com/errata/RHSA-2023:3223
reference_id	RHSA-2023:3223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3223

reference_url	https://access.redhat.com/errata/RHSA-2024:3061
reference_id	RHSA-2024:3061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3061

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-hwqa-xmru-zybc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-hwqa-xmru-zybc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1

aliases CVE-2020-36518, GHSA-57j2-w4cx-62h2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqwq-ucrm-vucy

url VCID-vzuh-xhe1-xbhz

vulnerability_id VCID-vzuh-xhe1-xbhz

summary

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12022.json

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12022.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12022

reference_id

reference_type

scores

value	0.03117
scoring_system	epss
scoring_elements	0.87063
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12022

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1671098

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1671098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a

reference_url	https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/28badf7ef60ac3e7ef151cd8e8ec010b8479226a

reference_url

https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a

reference_url

https://github.com/FasterXML/jackson-databind/commit/bf261d404c2f79fd3406237710d40ebb03c99d84

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/bf261d404c2f79fd3406237710d40ebb03c99d84

reference_url

https://github.com/FasterXML/jackson-databind/issues/2052

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2052

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEDLDUYBSTDY4GWDBUXGJNS2RFYTFVRC

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url

https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

http://www.securityfocus.com/bid/107585

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/107585

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1671097
reference_id	1671097
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1671097

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12022

reference_id

CVE-2018-12022

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12022

reference_url

https://github.com/advisories/GHSA-cjjf-94ff-43w7

reference_id

GHSA-cjjf-94ff-43w7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-cjjf-94ff-43w7

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-mud8-r5hz-hkgd

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.4

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.2

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.6

aliases CVE-2018-12022, GHSA-cjjf-94ff-43w7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vzuh-xhe1-xbhz

url VCID-wfxm-j4b4-87fd

vulnerability_id VCID-wfxm-j4b4-87fd

summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36184

reference_id

reference_type

scores

value	0.07471
scoring_system	epss
scoring_elements	0.91893
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36184

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a

reference_url

https://github.com/FasterXML/jackson-databind/issues/2998

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://github.com/FasterXML/jackson-databind/issues/2998

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913928
reference_id	1913928
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913928

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36184

reference_id

CVE-2020-36184

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36184

reference_url

https://github.com/advisories/GHSA-m6x4-97wx-4q27

reference_id

GHSA-m6x4-97wx-4q27

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m6x4-97wx-4q27

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-vqwq-ucrm-vucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

aliases CVE-2020-36184, GHSA-m6x4-97wx-4q27

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfxm-j4b4-87fd

url VCID-wqcp-4gpk-fqdf

vulnerability_id VCID-wqcp-4gpk-fqdf

summary

Information Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.

references

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://access.redhat.com/errata/RHSA-2019:2935

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://access.redhat.com/errata/RHSA-2019:2935

reference_url

https://access.redhat.com/errata/RHSA-2019:2936

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://access.redhat.com/errata/RHSA-2019:2936

reference_url

https://access.redhat.com/errata/RHSA-2019:2937

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://access.redhat.com/errata/RHSA-2019:2937

reference_url

https://access.redhat.com/errata/RHSA-2019:2938

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://access.redhat.com/errata/RHSA-2019:2938

reference_url

https://access.redhat.com/errata/RHSA-2019:3044

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://access.redhat.com/errata/RHSA-2019:3044

reference_url

https://access.redhat.com/errata/RHSA-2019:3045

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://access.redhat.com/errata/RHSA-2019:3045

reference_url

https://access.redhat.com/errata/RHSA-2019:3046

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://access.redhat.com/errata/RHSA-2019:3046

reference_url

https://access.redhat.com/errata/RHSA-2019:3050

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://access.redhat.com/errata/RHSA-2019:3050

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://access.redhat.com/errata/RHSA-2019:3292

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://access.redhat.com/errata/RHSA-2019:3292

reference_url

https://access.redhat.com/errata/RHSA-2019:3297

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://access.redhat.com/errata/RHSA-2019:3297

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12814.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12814.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12814

reference_id

reference_type

scores

value	0.18064
scoring_system	epss
scoring_elements	0.95288
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/5f7c69bba07a7155adde130d9dee2e54a54f1fa5

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/5f7c69bba07a7155adde130d9dee2e54a54f1fa5

reference_url

https://github.com/FasterXML/jackson-databind/issues/2341

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://github.com/FasterXML/jackson-databind/issues/2341

reference_url

https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731@%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209@%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd@%3Ccommits.accumulo.apache.org%3E

reference_url

https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe@%3Cnotifications.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87@%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.debian.org/debian-lts-announce/2019/06/msg00019.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC

reference_url

https://security.netapp.com/advisory/ntap-20190625-0006

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190625-0006

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url

https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E

reference_id

0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E

reference_id

129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/129da0204c876f746636018751a086cc581e0e07bcdeb3ee22ff5731%40%3Cdev.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E

reference_id

15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/15a55e1d837fa686db493137cc0330c7ee1089ed9a9eea7ae7151ef1%40%3Cissues.zookeeper.apache.org%3E

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1725795
reference_id	1725795
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1725795

reference_url

https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E

reference_id

1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/1e04d9381c801b31ab28dec813c31c304b2a596b2a3707fa5462c5c0%40%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E

reference_id

28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/28be28ffd6471d230943a255c36fe196a54ef5afc494a4781d16e37c%40%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E

reference_id

2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E

reference_id

2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/2ff264b6a94c5363a35c4c88fa93216f60ec54d1d973ed6b76a9f560%40%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E

reference_id

34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E

reference_id

3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E

reference_url

https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E

reference_id

4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/4b832d1327703d6b287a6d223307f8f884d798821209a10647e93324%40%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E

reference_id

56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E

reference_id

5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E

reference_id

5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E

reference_id

71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/71f9ffd92410a889e27b95a219eaa843fd820f8550898633d85d4ea3%40%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E

reference_id

87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E

reference_id

8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/8fe2983f6d9fee0aa737e4bd24483f8f5cf9b938b9adad0c4e79b2a4%40%3Cnotifications.zookeeper.apache.org%3E

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930750
reference_id	930750
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930750

reference_url

https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E

reference_id

a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/a3ae8a8c5e32c413cd27071d3a204166050bf79ce7f1299f6866338f%40%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E

reference_id

a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E

reference_id

a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/a78239b1f11cddfa86e4edee19064c40b6272214630bfef070c37957%40%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E

reference_id

b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/b0a2b2cca072650dbd5882719976c3d353972c44f6736ddf0ba95209%40%3Cissues.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E

reference_id

b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/b148fa2e9ef468c4de00de255dd728b74e2a97d935f8ced31eb41ba2%40%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E

reference_id

bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/bf20574dbc2db255f1fd489942b5720f675e32a2c4f44eb6a36060cd%40%3Ccommits.accumulo.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12814

reference_id

CVE-2019-12814

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12814

reference_url

https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E

reference_id

e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/e0733058c0366b703e6757d8d2a7a04b943581f659e9c271f0841dfe%40%3Cnotifications.geode.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E

reference_id

ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E

reference_url

https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E

reference_id

eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.apache.org/thread.html/eff7280055fc717ea8129cd28a9dd57b8446d00b36260c1caee10b87%40%3Cnotifications.zookeeper.apache.org%3E

reference_url

https://github.com/advisories/GHSA-cmfg-87vq-g5g4

reference_id

GHSA-cmfg-87vq-g5g4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cmfg-87vq-g5g4

reference_url

https://security.netapp.com/advisory/ntap-20190625-0006/

reference_id

ntap-20190625-0006

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://security.netapp.com/advisory/ntap-20190625-0006/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/

reference_id

OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/

reference_url	https://access.redhat.com/errata/RHSA-2020:0983
reference_id	RHSA-2020:0983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0983

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/

reference_id

TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/

reference_id

UKUALE2TUCKEKOHE2D342PQXN4MWCSLC

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:29:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.6

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.6

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.4

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.4

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9.1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9.1

aliases CVE-2019-12814, GHSA-cmfg-87vq-g5g4

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqcp-4gpk-fqdf

url VCID-wwqz-pwaa-27e1

vulnerability_id VCID-wwqz-pwaa-27e1

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35490

reference_id

reference_type

scores

value	0.04249
scoring_system	epss
scoring_elements	0.88978
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35490

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d

reference_url

https://github.com/FasterXML/jackson-databind/issues/2986

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2986

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210122-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210122-0005

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1909266
reference_id	1909266
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1909266

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-35490

reference_id

CVE-2020-35490

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-35490

reference_url

https://github.com/advisories/GHSA-wh8g-3j2c-rqj5

reference_id

GHSA-wh8g-3j2c-rqj5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wh8g-3j2c-rqj5

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-vqwq-ucrm-vucy

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

aliases CVE-2020-35490, GHSA-wh8g-3j2c-rqj5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwqz-pwaa-27e1

url VCID-y7my-5nca-dkcx

vulnerability_id VCID-y7my-5nca-dkcx

summary

Server-Side Request Forgery (SSRF)
FasterXML jackson-databind might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the `axis2-jaxws` class from polymorphic deserialization.

references

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14721.json

reference_url

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14721.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14721

reference_id

reference_type

scores

value	0.09667
scoring_system	epss
scoring_elements	0.93035
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086

reference_url

https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44

reference_url

https://github.com/FasterXML/jackson-databind/issues/2097

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2097

reference_url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190530-0003

reference_url	https://security.netapp.com/advisory/ntap-20190530-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190530-0003/

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1666428
reference_id	1666428
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1666428

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14721

reference_id

CVE-2018-14721

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14721

reference_url

https://github.com/advisories/GHSA-9mxf-g3x6-wv74

reference_id

GHSA-9mxf-g3x6-wv74

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-9mxf-g3x6-wv74

reference_url	https://access.redhat.com/errata/RHSA-2020:2564
reference_id	RHSA-2020:2564
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2564

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2347-whvn-fffd

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-44eh-w63c-a3ee

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-e1e6-cdx6-53ch

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-mp7y-npdu-kqbx

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-v4na-3ff4-tucj

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wqcp-4gpk-fqdf

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

aliases CVE-2018-14721, GHSA-9mxf-g3x6-wv74

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y7my-5nca-dkcx

url VCID-zp4d-8k3d-rkee

vulnerability_id VCID-zp4d-8k3d-rkee

summary

references

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16943.json

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16943.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-16943

reference_id

reference_type

scores

value	0.01891
scoring_system	epss
scoring_elements	0.83507
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-16943

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/328a0f833daf6baa443ac3b37c818a0204714b0b

reference_url

https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/bc67eb11a7cf57561f861ff16f879f1fceb5779f

reference_url

https://github.com/FasterXML/jackson-databind/issues/2478

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/issues/2478

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E

reference_url

https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/

reference_url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191017-0006

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191017-0006

reference_url	https://security.netapp.com/advisory/ntap-20191017-0006/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20191017-0006/

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1758191
reference_id	1758191
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1758191

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530
reference_id	941530
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941530

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-16943

reference_id

CVE-2019-16943

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-16943

reference_url

https://github.com/advisories/GHSA-fmmc-742q-jg75

reference_id

GHSA-fmmc-742q-jg75

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fmmc-742q-jg75

reference_url	https://access.redhat.com/errata/RHSA-2020:0895
reference_id	RHSA-2020:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0895

reference_url	https://access.redhat.com/errata/RHSA-2020:0899
reference_id	RHSA-2020:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0899

reference_url	https://access.redhat.com/errata/RHSA-2020:0939
reference_id	RHSA-2020:0939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0939

reference_url	https://access.redhat.com/errata/RHSA-2020:1644
reference_id	RHSA-2020:1644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1644

reference_url	https://access.redhat.com/errata/RHSA-2020:2067
reference_id	RHSA-2020:2067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2067

reference_url	https://access.redhat.com/errata/RHSA-2020:2321
reference_id	RHSA-2020:2321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2321

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

reference_url	https://usn.ubuntu.com/USN-4813-1/
reference_id	USN-USN-4813-1
reference_type
scores
url	https://usn.ubuntu.com/USN-4813-1/

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1mha-2k61-bbc8

vulnerability	VCID-2xg5-fq26-uubt

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-9hq1-c81m-4kdb

vulnerability	VCID-cqsm-dnc5-v3fm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-esct-3rbr-tbey

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hev2-k3fu-kbeh

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-mc77-ht3b-53aa

vulnerability	VCID-mn3y-jft1-nueb

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-u4zm-4hr7-7ubk

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-y7my-5nca-dkcx

vulnerability	VCID-zp4d-8k3d-rkee

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1cv6-91c6-57dn

vulnerability	VCID-4rgp-mhnd-5ue2

vulnerability	VCID-586p-s82z-hyhn

vulnerability	VCID-5dr4-1wmq-5yex

vulnerability	VCID-69gv-xgdg-f7b4

vulnerability	VCID-6zfz-tvtr-u3ah

vulnerability	VCID-7uue-tq9n-s3e9

vulnerability	VCID-9a71-a3a7-jybg

vulnerability	VCID-bsrt-8ar3-17f9

vulnerability	VCID-c1xq-tfsz-m7e7

vulnerability	VCID-dcwr-zjb5-v7gm

vulnerability	VCID-ef66-5m2v-hugd

vulnerability	VCID-ehr5-2q6j-nbhr

vulnerability	VCID-f1gp-1nbr-a7b2

vulnerability	VCID-fe5h-st4y-6ydd

vulnerability	VCID-g7ww-bshs-jyen

vulnerability	VCID-hwqa-xmru-zybc

vulnerability	VCID-k66r-v663-fud8

vulnerability	VCID-m376-hpnf-vbb1

vulnerability	VCID-myrj-1fsg-mub5

vulnerability	VCID-nqvs-41ex-87a8

vulnerability	VCID-prst-mb6z-1fe2

vulnerability	VCID-pt6j-rvh7-hqh1

vulnerability	VCID-rm5e-f5qv-47ce

vulnerability	VCID-tj9e-eahq-zqd8

vulnerability	VCID-vaw9-9zyu-83d4

vulnerability	VCID-vqwq-ucrm-vucy

vulnerability	VCID-wfxm-j4b4-87fd

vulnerability	VCID-wwqz-pwaa-27e1

vulnerability	VCID-zrwn-hux1-yyhc

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.1

aliases CVE-2019-16943, GHSA-fmmc-742q-jg75

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zp4d-8k3d-rkee

url VCID-zrwn-hux1-yyhc

vulnerability_id VCID-zrwn-hux1-yyhc

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35491

reference_id

reference_type

scores

value	0.06186
scoring_system	epss
scoring_elements	0.9099
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35491

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url