{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","type":"maven","namespace":"com.fasterxml.jackson.core","name":"jackson-databind","version":"2.9.10.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.12.7.1","latest_non_vulnerable_version":"2.16.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8623?format=json","vulnerability_id":"VCID-1zgj-pwjz-tkf9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36518","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65306","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65206","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b"},{"reference_url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12"},{"reference_url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220506-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220506-0004"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109","reference_id":"1007109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064698","reference_id":"2064698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064698"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2816","reference_id":"2816","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2816"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"cpuapr2022.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"cpujul2022.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36518","reference_id":"CVE-2020-36518","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36518"},{"reference_url":"https://www.debian.org/security/2022/dsa-5283","reference_id":"dsa-5283","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://www.debian.org/security/2022/dsa-5283"},{"reference_url":"https://github.com/advisories/GHSA-57j2-w4cx-62h2","reference_id":"GHSA-57j2-w4cx-62h2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57j2-w4cx-62h2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220506-0004/","reference_id":"ntap-20220506-0004","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220506-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2232","reference_id":"RHSA-2022:2232","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2232"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5029","reference_id":"RHSA-2022:5029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5029"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5101","reference_id":"RHSA-2022:5101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5596","reference_id":"RHSA-2022:5596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6407","reference_id":"RHSA-2022:6407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6813","reference_id":"RHSA-2022:6813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6819","reference_id":"RHSA-2022:6819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7435","reference_id":"RHSA-2022:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8781","reference_id":"RHSA-2022:8781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8889","reference_id":"RHSA-2022:8889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0264","reference_id":"RHSA-2023:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2312","reference_id":"RHSA-2023:2312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3061","reference_id":"RHSA-2024:3061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9582","reference_id":"RHSA-2025:9582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9583","reference_id":"RHSA-2025:9583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9583"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19677?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-rg6h-uhep-kyce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/19680?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-rg6h-uhep-kyce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1"}],"aliases":["CVE-2020-36518","GHSA-57j2-w4cx-62h2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1zgj-pwjz-tkf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12457?format=json","vulnerability_id":"VCID-9gek-hwbv-87hc","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42004","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.4603","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45885","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42004"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3582","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3582"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221118-0008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221118-0008"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135247","reference_id":"2135247","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135247"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42004","reference_id":"CVE-2022-42004","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42004"},{"reference_url":"https://github.com/advisories/GHSA-rgv9-q543-rqg4","reference_id":"GHSA-rgv9-q543-rqg4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rgv9-q543-rqg4"},{"reference_url":"https://security.gentoo.org/glsa/202210-21","reference_id":"GLSA-202210-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202210-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7435","reference_id":"RHSA-2022:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8781","reference_id":"RHSA-2022:8781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8876","reference_id":"RHSA-2022:8876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8889","reference_id":"RHSA-2022:8889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9023","reference_id":"RHSA-2022:9023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9032","reference_id":"RHSA-2022:9032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0189","reference_id":"RHSA-2023:0189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0264","reference_id":"RHSA-2023:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0471","reference_id":"RHSA-2023:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0713","reference_id":"RHSA-2023:0713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1006","reference_id":"RHSA-2023:1006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1043","reference_id":"RHSA-2023:1043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1044","reference_id":"RHSA-2023:1044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1045","reference_id":"RHSA-2023:1045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1047","reference_id":"RHSA-2023:1047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1049","reference_id":"RHSA-2023:1049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2135","reference_id":"RHSA-2023:2135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1747","reference_id":"RHSA-2025:1747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1747"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27212?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/27210?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rg6h-uhep-kyce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4"}],"aliases":["CVE-2022-42004","GHSA-rgv9-q543-rqg4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gek-hwbv-87hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206833?format=json","vulnerability_id":"VCID-9wva-fncp-5khs","summary":"Code Injection in jackson-databind","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24616.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24616","reference_id":"","reference_type":"","scores":[{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.86208","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.86158","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2814","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2814"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200904-0006","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200904-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200904-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200904-0006/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1872707","reference_id":"1872707","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1872707"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24616","reference_id":"CVE-2020-24616","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24616"},{"reference_url":"https://github.com/advisories/GHSA-h3cw-g4mq-c5x2","reference_id":"GHSA-h3cw-g4mq-c5x2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h3cw-g4mq-c5x2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18246?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6"}],"aliases":["CVE-2020-24616","GHSA-h3cw-g4mq-c5x2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wva-fncp-5khs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206835?format=json","vulnerability_id":"VCID-a4ns-753v-f3a4","summary":"Serialization gadgets exploit in jackson-databind","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35491","reference_id":"","reference_type":"","scores":[{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90627","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90657","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2986","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2986"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210122-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210122-0005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909269","reference_id":"1909269","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909269"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35491","reference_id":"CVE-2020-35491","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35491"},{"reference_url":"https://github.com/advisories/GHSA-r3gr-cxrf-hg25","reference_id":"GHSA-r3gr-cxrf-hg25","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r3gr-cxrf-hg25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18066?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-rg6h-uhep-kyce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-35491","GHSA-r3gr-cxrf-hg25"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a4ns-753v-f3a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8569?format=json","vulnerability_id":"VCID-beub-gxyy-ckaq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35728","reference_id":"","reference_type":"","scores":[{"value":"0.42315","scoring_system":"epss","scoring_elements":"0.97538","published_at":"2026-06-11T12:55:00Z"},{"value":"0.42315","scoring_system":"epss","scoring_elements":"0.97547","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0007","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210129-0007"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1911502","reference_id":"1911502","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1911502"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2999","reference_id":"2999","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2999"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"cpuApr2021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"cpuapr2022.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"cpujan2022.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"cpujul2021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"cpujul2022.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"cpuoct2021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35728","reference_id":"CVE-2020-35728","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35728"},{"reference_url":"https://github.com/advisories/GHSA-5r5r-6hpj-8gg9","reference_id":"GHSA-5r5r-6hpj-8gg9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5r5r-6hpj-8gg9"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"msg00025.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0007/","reference_id":"ntap-20210129-0007","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210129-0007/"},{"reference_url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18066?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-rg6h-uhep-kyce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-35728","GHSA-5r5r-6hpj-8gg9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-beub-gxyy-ckaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206625?format=json","vulnerability_id":"VCID-bwma-hhuz-8kes","summary":"Unsafe Deserialization in jackson-databind","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36186","reference_id":"","reference_type":"","scores":[{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85434","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85485","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36186"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2997","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2997"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913931","reference_id":"1913931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913931"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36186","reference_id":"CVE-2020-36186","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36186"},{"reference_url":"https://github.com/advisories/GHSA-v585-23hc-c647","reference_id":"GHSA-v585-23hc-c647","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v585-23hc-c647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18066?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-rg6h-uhep-kyce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36186","GHSA-v585-23hc-c647"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwma-hhuz-8kes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/152616?format=json","vulnerability_id":"VCID-ebf2-rfym-xuck","summary":"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36184","reference_id":"","reference_type":"","scores":[{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91626","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91597","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36184"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913928","reference_id":"1913928","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913928"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2998","reference_id":"2998","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2998"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"cpuApr2021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"cpuapr2022.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"cpujan2022.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"cpujul2021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"cpujul2022.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"cpuoct2021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36184","reference_id":"CVE-2020-36184","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36184"},{"reference_url":"https://github.com/advisories/GHSA-m6x4-97wx-4q27","reference_id":"GHSA-m6x4-97wx-4q27","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6x4-97wx-4q27"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"msg00025.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"ntap-20210205-0005","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18066?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-rg6h-uhep-kyce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36184","GHSA-m6x4-97wx-4q27"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebf2-rfym-xuck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204962?format=json","vulnerability_id":"VCID-gu8e-dgse-2be4","summary":"Deserialization of untrusted data in Jackson Databind","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14195.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14195.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14195","reference_id":"","reference_type":"","scores":[{"value":"0.09062","scoring_system":"epss","scoring_elements":"0.92855","published_at":"2026-06-12T12:55:00Z"},{"value":"0.09062","scoring_system":"epss","scoring_elements":"0.92832","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14195"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2765","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2765"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200702-0003","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200702-0003"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848958","reference_id":"1848958","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848958"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14195","reference_id":"CVE-2020-14195","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14195"},{"reference_url":"https://github.com/advisories/GHSA-mc6h-4qgp-37qh","reference_id":"GHSA-mc6h-4qgp-37qh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mc6h-4qgp-37qh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16677?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5"}],"aliases":["CVE-2020-14195","GHSA-mc6h-4qgp-37qh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gu8e-dgse-2be4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206836?format=json","vulnerability_id":"VCID-h5z6-4yu2-27dn","summary":"Unsafe Deserialization in jackson-databind","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36185","reference_id":"","reference_type":"","scores":[{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.86247","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.86297","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36185"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913929","reference_id":"1913929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913929"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36185","reference_id":"CVE-2020-36185","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36185"},{"reference_url":"https://github.com/advisories/GHSA-8w26-6f25-cm9x","reference_id":"GHSA-8w26-6f25-cm9x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w26-6f25-cm9x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18066?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-rg6h-uhep-kyce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36185","GHSA-8w26-6f25-cm9x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h5z6-4yu2-27dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206834?format=json","vulnerability_id":"VCID-j54g-s28q-cuhs","summary":"Serialization gadgets exploit in jackson-databind","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35490","reference_id":"","reference_type":"","scores":[{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88569","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88607","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2986","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2986"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210122-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210122-0005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909266","reference_id":"1909266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909266"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35490","reference_id":"CVE-2020-35490","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35490"},{"reference_url":"https://github.com/advisories/GHSA-wh8g-3j2c-rqj5","reference_id":"GHSA-wh8g-3j2c-rqj5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wh8g-3j2c-rqj5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18066?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-rg6h-uhep-kyce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-35490","GHSA-wh8g-3j2c-rqj5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j54g-s28q-cuhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8169?format=json","vulnerability_id":"VCID-j7qz-xhu9-aydr","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24750.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24750.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24750","reference_id":"","reference_type":"","scores":[{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.84026","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.84083","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2798","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2798"},{"reference_url":"https://security.netapp.com/advisory/ntap-20201009-0003","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20201009-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20201009-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20201009-0003/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1882310","reference_id":"1882310","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1882310"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24750","reference_id":"CVE-2020-24750","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24750"},{"reference_url":"https://github.com/advisories/GHSA-qjw2-hr98-qgfh","reference_id":"GHSA-qjw2-hr98-qgfh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qjw2-hr98-qgfh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4173","reference_id":"RHSA-2020:4173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5635","reference_id":"RHSA-2020:5635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18246?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6"}],"aliases":["CVE-2020-24750","GHSA-qjw2-hr98-qgfh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7qz-xhu9-aydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204963?format=json","vulnerability_id":"VCID-jftj-9w4n-w3dn","summary":"Deserialization of untrusted data in Jackson Databind","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14060.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14060.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14060","reference_id":"","reference_type":"","scores":[{"value":"0.08718","scoring_system":"epss","scoring_elements":"0.92702","published_at":"2026-06-12T12:55:00Z"},{"value":"0.08718","scoring_system":"epss","scoring_elements":"0.92677","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14060"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14060","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14060"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/ac7232e3f9004bdb4f11dcb5bc6c1fadf074f5f7","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/ac7232e3f9004bdb4f11dcb5bc6c1fadf074f5f7"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/d1c67a0396e84c08d0558fbb843b5bd1f26e1921","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/d1c67a0396e84c08d0558fbb843b5bd1f26e1921"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2688","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2688"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200702-0003","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200702-0003"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848960","reference_id":"1848960","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848960"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14060","reference_id":"CVE-2020-14060","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14060"},{"reference_url":"https://github.com/advisories/GHSA-j823-4qch-3rgm","reference_id":"GHSA-j823-4qch-3rgm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j823-4qch-3rgm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16677?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5"}],"aliases":["CVE-2020-14060","GHSA-j823-4qch-3rgm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jftj-9w4n-w3dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8218?format=json","vulnerability_id":"VCID-pbp8-csc6-57bs","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25649.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25649.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25649","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.2279","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22595","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25649"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3d932709abd0b5390efe67451653fc9efa9db677","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3d932709abd0b5390efe67451653fc9efa9db677"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2589","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2589"},{"reference_url":"https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25649","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25649"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210108-0007","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210108-0007"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1887664","reference_id":"1887664","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1887664"},{"reference_url":"https://github.com/advisories/GHSA-288c-cq4h-88gq","reference_id":"GHSA-288c-cq4h-88gq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-288c-cq4h-88gq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4312","reference_id":"RHSA-2020:4312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4379","reference_id":"RHSA-2020:4379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4379"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4401","reference_id":"RHSA-2020:4401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4402","reference_id":"RHSA-2020:4402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5340","reference_id":"RHSA-2020:5340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5341","reference_id":"RHSA-2020:5341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5342","reference_id":"RHSA-2020:5342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5344","reference_id":"RHSA-2020:5344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5361","reference_id":"RHSA-2020:5361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5410","reference_id":"RHSA-2020:5410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5533","reference_id":"RHSA-2020:5533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0381","reference_id":"RHSA-2021:0381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0811","reference_id":"RHSA-2021:0811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1260","reference_id":"RHSA-2021:1260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1429","reference_id":"RHSA-2021:1429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2039","reference_id":"RHSA-2021:2039","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2039"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2475","reference_id":"RHSA-2021:2475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2476","reference_id":"RHSA-2021:2476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18247?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.7"},{"url":"http://public2.vulnerablecode.io/api/packages/382772?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-4vx9-twgz-xbcs"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-rg6h-uhep-kyce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.5.1"}],"aliases":["CVE-2020-25649","GHSA-288c-cq4h-88gq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbp8-csc6-57bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12456?format=json","vulnerability_id":"VCID-rg6h-uhep-kyce","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42003","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52997","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52869","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42003"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3590","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3590"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3627"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221124-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221124-0004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135244","reference_id":"2135244","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135244"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42003","reference_id":"CVE-2022-42003","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42003"},{"reference_url":"https://github.com/advisories/GHSA-jjjh-jjxp-wpff","reference_id":"GHSA-jjjh-jjxp-wpff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjjh-jjxp-wpff"},{"reference_url":"https://security.gentoo.org/glsa/202210-21","reference_id":"GLSA-202210-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202210-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7435","reference_id":"RHSA-2022:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8781","reference_id":"RHSA-2022:8781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8876","reference_id":"RHSA-2022:8876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8889","reference_id":"RHSA-2022:8889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9023","reference_id":"RHSA-2022:9023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9032","reference_id":"RHSA-2022:9032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0189","reference_id":"RHSA-2023:0189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0261","reference_id":"RHSA-2023:0261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0264","reference_id":"RHSA-2023:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0471","reference_id":"RHSA-2023:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0713","reference_id":"RHSA-2023:0713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1006","reference_id":"RHSA-2023:1006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1043","reference_id":"RHSA-2023:1043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1044","reference_id":"RHSA-2023:1044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1045","reference_id":"RHSA-2023:1045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1047","reference_id":"RHSA-2023:1047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1049","reference_id":"RHSA-2023:1049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1151","reference_id":"RHSA-2023:1151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2135","reference_id":"RHSA-2023:2135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1747","reference_id":"RHSA-2025:1747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1747"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27212?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/27213?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2"}],"aliases":["CVE-2022-42003","GHSA-jjjh-jjxp-wpff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rg6h-uhep-kyce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206840?format=json","vulnerability_id":"VCID-tgta-jaet-vfd3","summary":"Unsafe Deserialization in jackson-databind","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36187","reference_id":"","reference_type":"","scores":[{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84605","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84658","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36187"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2997","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2997"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913933","reference_id":"1913933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913933"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36187","reference_id":"CVE-2020-36187","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36187"},{"reference_url":"https://github.com/advisories/GHSA-r695-7vr9-jgc2","reference_id":"GHSA-r695-7vr9-jgc2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r695-7vr9-jgc2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18066?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-rg6h-uhep-kyce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36187","GHSA-r695-7vr9-jgc2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgta-jaet-vfd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204964?format=json","vulnerability_id":"VCID-v2ad-amun-wqaq","summary":"Deserialization of untrusted data in Jackson Databind","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14062.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14062","reference_id":"","reference_type":"","scores":[{"value":"0.09636","scoring_system":"epss","scoring_elements":"0.93066","published_at":"2026-06-11T12:55:00Z"},{"value":"0.09636","scoring_system":"epss","scoring_elements":"0.9309","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14062","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14062"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/840eae2ca81c597a0010b2126f32dce17d384b70","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/840eae2ca81c597a0010b2126f32dce17d384b70"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/99001cdb6807b5c7b170ec6a9092ecbb618ae79c","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/99001cdb6807b5c7b170ec6a9092ecbb618ae79c"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2704","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2704"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200702-0003","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200702-0003"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848962","reference_id":"1848962","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848962"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14062","reference_id":"CVE-2020-14062","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14062"},{"reference_url":"https://github.com/advisories/GHSA-c265-37vj-cwcc","reference_id":"GHSA-c265-37vj-cwcc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c265-37vj-cwcc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16677?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5"}],"aliases":["CVE-2020-14062","GHSA-c265-37vj-cwcc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2ad-amun-wqaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/152255?format=json","vulnerability_id":"VCID-ykb2-yqj3-vfgw","summary":"FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14061.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14061.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14061","reference_id":"","reference_type":"","scores":[{"value":"0.0615","scoring_system":"epss","scoring_elements":"0.91016","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0615","scoring_system":"epss","scoring_elements":"0.91047","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14061"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14061","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14061"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/5c8642aeae9c756b438ab7637c90ef3c77966e6e","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/5c8642aeae9c756b438ab7637c90ef3c77966e6e"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200702-0003","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200702-0003"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848966","reference_id":"1848966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848966"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2698","reference_id":"2698","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2698"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"cpuApr2021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"cpujan2021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"cpujul2021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"cpuoct2020.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"cpuoct2021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14061","reference_id":"CVE-2020-14061","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14061"},{"reference_url":"https://github.com/advisories/GHSA-c2q3-4qrh-fm48","reference_id":"GHSA-c2q3-4qrh-fm48","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c2q3-4qrh-fm48"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200702-0003/","reference_id":"ntap-20200702-0003","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200702-0003/"},{"reference_url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:32:59Z/"}],"url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16677?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.5"}],"aliases":["CVE-2020-14061","GHSA-c2q3-4qrh-fm48"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ykb2-yqj3-vfgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206837?format=json","vulnerability_id":"VCID-ymmu-u1mr-v7ae","summary":"Unsafe Deserialization in jackson-databind","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36183","reference_id":"","reference_type":"","scores":[{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.8428","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.84335","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36183"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3003","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913927","reference_id":"1913927","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913927"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36183","reference_id":"CVE-2020-36183","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36183"},{"reference_url":"https://github.com/advisories/GHSA-9m6f-7xcq-8vf8","reference_id":"GHSA-9m6f-7xcq-8vf8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m6f-7xcq-8vf8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18066?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-rg6h-uhep-kyce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36183","GHSA-9m6f-7xcq-8vf8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymmu-u1mr-v7ae"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7480?format=json","vulnerability_id":"VCID-1rbn-tr82-nfhs","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10650","reference_id":"","reference_type":"","scores":[{"value":"0.08792","scoring_system":"epss","scoring_elements":"0.92731","published_at":"2026-06-12T12:55:00Z"},{"value":"0.08792","scoring_system":"epss","scoring_elements":"0.92706","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10650"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10650","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10650"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/pull/2864","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/pull/2864"},{"reference_url":"https://github.com/luisgarciacheckmarx/LGV_onefile/issues/19","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/luisgarciacheckmarx/LGV_onefile/issues/19"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230818-0007","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230818-0007"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2658","reference_id":"2658","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2658"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef","reference_id":"a424c038ba0c0d65e579e22001dec925902ac0ef","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/"}],"url":"https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"cpujan2021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2022.html","reference_id":"cpuoct2022.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2022.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10650","reference_id":"CVE-2020-10650","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10650"},{"reference_url":"https://github.com/advisories/GHSA-rpr3-cw39-3pxh","reference_id":"GHSA-rpr3-cw39-3pxh","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/"}],"url":"https://github.com/advisories/GHSA-rpr3-cw39-3pxh"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html","reference_id":"msg00032.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00032.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230818-0007/","reference_id":"ntap-20230818-0007","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230818-0007/"},{"reference_url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T16:21:17Z/"}],"url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-10650","GHSA-rpr3-cw39-3pxh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rbn-tr82-nfhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204810?format=json","vulnerability_id":"VCID-4n15-13mm-sqfr","summary":"jackson-databind mishandles the interaction between serialization gadgets and typing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9547.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9547.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9547","reference_id":"","reference_type":"","scores":[{"value":"0.38262","scoring_system":"epss","scoring_elements":"0.97336","published_at":"2026-06-12T12:55:00Z"},{"value":"0.38262","scoring_system":"epss","scoring_elements":"0.97329","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9547"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/9f4e97019fb0dd836533d0b6198c88787e235ae2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/9f4e97019fb0dd836533d0b6198c88787e235ae2"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2634","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2634"},{"reference_url":"https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd0e958d6d5c5ee16efed73314cd0e445c8dbb4bdcc80fc9d1d6c11fc@%3Cdev.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd0e958d6d5c5ee16efed73314cd0e445c8dbb4bdcc80fc9d1d6c11fc@%3Cdev.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200904-0006","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200904-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200904-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200904-0006/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816337","reference_id":"1816337","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816337"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9547","reference_id":"CVE-2020-9547","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9547"},{"reference_url":"https://github.com/advisories/GHSA-q93h-jc49-78gg","reference_id":"GHSA-q93h-jc49-78gg","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q93h-jc49-78gg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1644","reference_id":"RHSA-2020:1644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2511","reference_id":"RHSA-2020:2511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2512","reference_id":"RHSA-2020:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2513","reference_id":"RHSA-2020:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2515","reference_id":"RHSA-2020:2515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2813","reference_id":"RHSA-2020:2813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3637","reference_id":"RHSA-2020:3637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3638","reference_id":"RHSA-2020:3638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3639","reference_id":"RHSA-2020:3639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3642","reference_id":"RHSA-2020:3642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16217?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-3e79-1pn2-hqbr"},{"vulnerability":"VCID-5j5q-hb8b-7ybh"},{"vulnerability":"VCID-5qe3-9uq1-w3fa"},{"vulnerability":"VCID-6mm1-mbhs-23bw"},{"vulnerability":"VCID-83rf-bazr-nyfm"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-9x2p-xss7-yyae"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-c6yp-rbn5-ybft"},{"vulnerability":"VCID-d7fc-apg8-tyh5"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-kecy-wbgw-x7fu"},{"vulnerability":"VCID-ncr4-82xp-eqh5"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-rwt6-z926-bfht"},{"vulnerability":"VCID-skzq-uaju-hqa7"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-wcx6-jegk-mqg5"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"},{"vulnerability":"VCID-ysq3-uksg-8uhe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/16479?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-3e79-1pn2-hqbr"},{"vulnerability":"VCID-5j5q-hb8b-7ybh"},{"vulnerability":"VCID-5qe3-9uq1-w3fa"},{"vulnerability":"VCID-6mm1-mbhs-23bw"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-9x2p-xss7-yyae"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-c6yp-rbn5-ybft"},{"vulnerability":"VCID-d7fc-apg8-tyh5"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-kecy-wbgw-x7fu"},{"vulnerability":"VCID-ncr4-82xp-eqh5"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-skzq-uaju-hqa7"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-wcx6-jegk-mqg5"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.6"},{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-9547","GHSA-q93h-jc49-78gg"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4n15-13mm-sqfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204710?format=json","vulnerability_id":"VCID-7zr2-u3f1-jqd1","summary":"jackson-databind mishandles the interaction between serialization gadgets and typing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9546.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9546.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9546","reference_id":"","reference_type":"","scores":[{"value":"0.02327","scoring_system":"epss","scoring_elements":"0.85222","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02327","scoring_system":"epss","scoring_elements":"0.85169","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2631","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2631"},{"reference_url":"https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200904-0006","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200904-0006"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816332","reference_id":"1816332","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9546","reference_id":"CVE-2020-9546","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9546"},{"reference_url":"https://github.com/advisories/GHSA-5p34-5m6p-p58g","reference_id":"GHSA-5p34-5m6p-p58g","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5p34-5m6p-p58g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1644","reference_id":"RHSA-2020:1644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2511","reference_id":"RHSA-2020:2511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2512","reference_id":"RHSA-2020:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2513","reference_id":"RHSA-2020:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2515","reference_id":"RHSA-2020:2515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2813","reference_id":"RHSA-2020:2813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3637","reference_id":"RHSA-2020:3637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3638","reference_id":"RHSA-2020:3638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3639","reference_id":"RHSA-2020:3639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3642","reference_id":"RHSA-2020:3642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-9546","GHSA-5p34-5m6p-p58g"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zr2-u3f1-jqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153392?format=json","vulnerability_id":"VCID-9wy4-n4u7-pycp","summary":"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10672.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10672.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10672","reference_id":"","reference_type":"","scores":[{"value":"0.38909","scoring_system":"epss","scoring_elements":"0.9737","published_at":"2026-06-12T12:55:00Z"},{"value":"0.38909","scoring_system":"epss","scoring_elements":"0.97362","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10672"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/592872f4235c7f2a3280725278da55544032f72d","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/592872f4235c7f2a3280725278da55544032f72d"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1815495","reference_id":"1815495","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1815495"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2659","reference_id":"2659","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:48Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2659"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"cpujan2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:48Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"cpujul2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:48Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"cpuoct2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:48Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"cpuoct2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:48Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10672","reference_id":"CVE-2020-10672","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10672"},{"reference_url":"https://github.com/advisories/GHSA-95cm-88f5-f2c7","reference_id":"GHSA-95cm-88f5-f2c7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-95cm-88f5-f2c7"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html","reference_id":"msg00027.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:48Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002/","reference_id":"ntap-20200403-0002","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:48Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002/"},{"reference_url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:48Z/"}],"url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1644","reference_id":"RHSA-2020:1644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3461","reference_id":"RHSA-2020:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3462","reference_id":"RHSA-2020:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3463","reference_id":"RHSA-2020:3463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3464","reference_id":"RHSA-2020:3464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3501","reference_id":"RHSA-2020:3501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3637","reference_id":"RHSA-2020:3637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3638","reference_id":"RHSA-2020:3638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3639","reference_id":"RHSA-2020:3639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3642","reference_id":"RHSA-2020:3642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-10672","GHSA-95cm-88f5-f2c7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wy4-n4u7-pycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204803?format=json","vulnerability_id":"VCID-djr3-bksw-ruc5","summary":"jackson-databind mishandles the interaction between serialization gadgets and typing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9548.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9548.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9548","reference_id":"","reference_type":"","scores":[{"value":"0.62015","scoring_system":"epss","scoring_elements":"0.98377","published_at":"2026-06-12T12:55:00Z"},{"value":"0.62015","scoring_system":"epss","scoring_elements":"0.9837","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9548"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/1e64db6a2fad331f96c7363fda3bc5f3dffa25bb","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/1e64db6a2fad331f96c7363fda3bc5f3dffa25bb"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/9f4e97019fb0dd836533d0b6198c88787e235ae2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/9f4e97019fb0dd836533d0b6198c88787e235ae2"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2634","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2634"},{"reference_url":"https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200904-0006","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200904-0006"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816340","reference_id":"1816340","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1816340"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9548","reference_id":"CVE-2020-9548","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9548"},{"reference_url":"https://github.com/advisories/GHSA-p43x-xfjf-5jhr","reference_id":"GHSA-p43x-xfjf-5jhr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p43x-xfjf-5jhr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1644","reference_id":"RHSA-2020:1644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2511","reference_id":"RHSA-2020:2511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2512","reference_id":"RHSA-2020:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2513","reference_id":"RHSA-2020:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2515","reference_id":"RHSA-2020:2515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2813","reference_id":"RHSA-2020:2813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3637","reference_id":"RHSA-2020:3637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3638","reference_id":"RHSA-2020:3638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3639","reference_id":"RHSA-2020:3639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3642","reference_id":"RHSA-2020:3642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16217?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-3e79-1pn2-hqbr"},{"vulnerability":"VCID-5j5q-hb8b-7ybh"},{"vulnerability":"VCID-5qe3-9uq1-w3fa"},{"vulnerability":"VCID-6mm1-mbhs-23bw"},{"vulnerability":"VCID-83rf-bazr-nyfm"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-9x2p-xss7-yyae"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-c6yp-rbn5-ybft"},{"vulnerability":"VCID-d7fc-apg8-tyh5"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-kecy-wbgw-x7fu"},{"vulnerability":"VCID-ncr4-82xp-eqh5"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-rwt6-z926-bfht"},{"vulnerability":"VCID-skzq-uaju-hqa7"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-wcx6-jegk-mqg5"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"},{"vulnerability":"VCID-ysq3-uksg-8uhe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/16479?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-3e79-1pn2-hqbr"},{"vulnerability":"VCID-5j5q-hb8b-7ybh"},{"vulnerability":"VCID-5qe3-9uq1-w3fa"},{"vulnerability":"VCID-6mm1-mbhs-23bw"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-9x2p-xss7-yyae"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-c6yp-rbn5-ybft"},{"vulnerability":"VCID-d7fc-apg8-tyh5"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-kecy-wbgw-x7fu"},{"vulnerability":"VCID-ncr4-82xp-eqh5"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-skzq-uaju-hqa7"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-wcx6-jegk-mqg5"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.6"},{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-9548","GHSA-p43x-xfjf-5jhr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-djr3-bksw-ruc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204706?format=json","vulnerability_id":"VCID-gkxx-gcqv-1kfa","summary":"jackson-databind mishandles the interaction between serialization gadgets and typing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11620.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11620.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11620","reference_id":"","reference_type":"","scores":[{"value":"0.02124","scoring_system":"epss","scoring_elements":"0.84521","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02124","scoring_system":"epss","scoring_elements":"0.84574","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11620"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/77040d85e3eb6710508e6445640ae1a3d5e60c22","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/77040d85e3eb6710508e6445640ae1a3d5e60c22"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2682","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2682"},{"reference_url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200511-0004","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200511-0004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826798","reference_id":"1826798","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826798"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11620","reference_id":"CVE-2020-11620","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11620"},{"reference_url":"https://github.com/advisories/GHSA-h4rc-386g-6m85","reference_id":"GHSA-h4rc-386g-6m85","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4rc-386g-6m85"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2320","reference_id":"RHSA-2020:2320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2565","reference_id":"RHSA-2020:2565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5625","reference_id":"RHSA-2020:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5625"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-11620","GHSA-h4rc-386g-6m85"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkxx-gcqv-1kfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153570?format=json","vulnerability_id":"VCID-j5vg-pbkx-3ya4","summary":"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11113.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11113","reference_id":"","reference_type":"","scores":[{"value":"0.60714","scoring_system":"epss","scoring_elements":"0.98329","published_at":"2026-06-12T12:55:00Z"},{"value":"0.60714","scoring_system":"epss","scoring_elements":"0.98323","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/e2ba12d5d60715d95105e3e790fc234cfb59893d","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/e2ba12d5d60715d95105e3e790fc234cfb59893d"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1821315","reference_id":"1821315","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1821315"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2670","reference_id":"2670","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:43Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2670"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"cpujan2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:43Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"cpujul2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:43Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"cpuoct2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:43Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"cpuoct2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:43Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11113","reference_id":"CVE-2020-11113","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11113"},{"reference_url":"https://github.com/advisories/GHSA-9vvp-fxw6-jcxr","reference_id":"GHSA-9vvp-fxw6-jcxr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9vvp-fxw6-jcxr"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html","reference_id":"msg00012.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:43Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002/","reference_id":"ntap-20200403-0002","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:43Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002/"},{"reference_url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:43Z/"}],"url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1523","reference_id":"RHSA-2020:1523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3817","reference_id":"RHSA-2020:3817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5625","reference_id":"RHSA-2020:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5625"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-11113","GHSA-9vvp-fxw6-jcxr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5vg-pbkx-3ya4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153383?format=json","vulnerability_id":"VCID-nasd-q68s-nqcu","summary":"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10968.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10968.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10968","reference_id":"","reference_type":"","scores":[{"value":"0.03824","scoring_system":"epss","scoring_elements":"0.88437","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03824","scoring_system":"epss","scoring_elements":"0.88397","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10968"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/05d7e0e13f43e12db6a51726df12c8b4d8040676","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/05d7e0e13f43e12db6a51726df12c8b4d8040676"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/08fbfacf89a4a4c026a6227a1b470ab7a13e2e88"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819208","reference_id":"1819208","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819208"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2662","reference_id":"2662","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2662"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"cpujan2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"cpujul2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"cpuoct2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"cpuoct2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10968","reference_id":"CVE-2020-10968","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10968"},{"reference_url":"https://github.com/advisories/GHSA-rf6r-2c4q-2vwg","reference_id":"GHSA-rf6r-2c4q-2vwg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rf6r-2c4q-2vwg"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html","reference_id":"msg00012.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002/","reference_id":"ntap-20200403-0002","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002/"},{"reference_url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:46Z/"}],"url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1523","reference_id":"RHSA-2020:1523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5625","reference_id":"RHSA-2020:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5625"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-10968","GHSA-rf6r-2c4q-2vwg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nasd-q68s-nqcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153599?format=json","vulnerability_id":"VCID-s846-v89n-pfb4","summary":"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11111.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11111","reference_id":"","reference_type":"","scores":[{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.84408","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02082","scoring_system":"epss","scoring_elements":"0.84353","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11111"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1821304","reference_id":"1821304","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1821304"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2664","reference_id":"2664","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:44Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2664"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"cpujan2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:44Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"cpujul2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:44Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"cpuoct2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:44Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"cpuoct2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:44Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11111","reference_id":"CVE-2020-11111","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11111"},{"reference_url":"https://github.com/advisories/GHSA-v3xw-c963-f5hc","reference_id":"GHSA-v3xw-c963-f5hc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v3xw-c963-f5hc"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html","reference_id":"msg00012.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:44Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002/","reference_id":"ntap-20200403-0002","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:44Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002/"},{"reference_url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:44Z/"}],"url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1523","reference_id":"RHSA-2020:1523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5625","reference_id":"RHSA-2020:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5625"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-11111","GHSA-v3xw-c963-f5hc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s846-v89n-pfb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153385?format=json","vulnerability_id":"VCID-y8zh-9nz1-6bh4","summary":"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10969.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10969","reference_id":"","reference_type":"","scores":[{"value":"0.01035","scoring_system":"epss","scoring_elements":"0.77871","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01035","scoring_system":"epss","scoring_elements":"0.77803","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/6ba48457984943df0de92c54144f7dcae01b1221","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/6ba48457984943df0de92c54144f7dcae01b1221"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819212","reference_id":"1819212","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1819212"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2642","reference_id":"2642","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2642"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"cpujan2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"cpujul2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"cpuoct2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"cpuoct2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10969","reference_id":"CVE-2020-10969","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10969"},{"reference_url":"https://github.com/advisories/GHSA-758m-v56v-grj4","reference_id":"GHSA-758m-v56v-grj4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-758m-v56v-grj4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html","reference_id":"msg00012.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002/","reference_id":"ntap-20200403-0002","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002/"},{"reference_url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:45Z/"}],"url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1523","reference_id":"RHSA-2020:1523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2813","reference_id":"RHSA-2020:2813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16217?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-3e79-1pn2-hqbr"},{"vulnerability":"VCID-5j5q-hb8b-7ybh"},{"vulnerability":"VCID-5qe3-9uq1-w3fa"},{"vulnerability":"VCID-6mm1-mbhs-23bw"},{"vulnerability":"VCID-83rf-bazr-nyfm"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-9x2p-xss7-yyae"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-c6yp-rbn5-ybft"},{"vulnerability":"VCID-d7fc-apg8-tyh5"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-kecy-wbgw-x7fu"},{"vulnerability":"VCID-ncr4-82xp-eqh5"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-rwt6-z926-bfht"},{"vulnerability":"VCID-skzq-uaju-hqa7"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-wcx6-jegk-mqg5"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"},{"vulnerability":"VCID-ysq3-uksg-8uhe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/16479?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-3e79-1pn2-hqbr"},{"vulnerability":"VCID-5j5q-hb8b-7ybh"},{"vulnerability":"VCID-5qe3-9uq1-w3fa"},{"vulnerability":"VCID-6mm1-mbhs-23bw"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-9x2p-xss7-yyae"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-c6yp-rbn5-ybft"},{"vulnerability":"VCID-d7fc-apg8-tyh5"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-kecy-wbgw-x7fu"},{"vulnerability":"VCID-ncr4-82xp-eqh5"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-skzq-uaju-hqa7"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-wcx6-jegk-mqg5"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.6"},{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-10969","GHSA-758m-v56v-grj4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y8zh-9nz1-6bh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153577?format=json","vulnerability_id":"VCID-yk4b-82wg-auf5","summary":"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11112.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11112","reference_id":"","reference_type":"","scores":[{"value":"0.06772","scoring_system":"epss","scoring_elements":"0.91539","published_at":"2026-06-12T12:55:00Z"},{"value":"0.06772","scoring_system":"epss","scoring_elements":"0.91509","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11112","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11112"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1821311","reference_id":"1821311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1821311"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2666","reference_id":"2666","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:42Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2666"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"cpujan2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:42Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"cpujul2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:42Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"cpuoct2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:42Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"cpuoct2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:42Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11112","reference_id":"CVE-2020-11112","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11112"},{"reference_url":"https://github.com/advisories/GHSA-58pp-9c76-5625","reference_id":"GHSA-58pp-9c76-5625","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-58pp-9c76-5625"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html","reference_id":"msg00012.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:42Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002/","reference_id":"ntap-20200403-0002","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:42Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002/"},{"reference_url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:42Z/"}],"url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1523","reference_id":"RHSA-2020:1523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5625","reference_id":"RHSA-2020:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5625"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-11112","GHSA-58pp-9c76-5625"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yk4b-82wg-auf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153381?format=json","vulnerability_id":"VCID-yn5b-b6qq-xffs","summary":"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10673.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10673.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10673","reference_id":"","reference_type":"","scores":[{"value":"0.20473","scoring_system":"epss","scoring_elements":"0.95702","published_at":"2026-06-12T12:55:00Z"},{"value":"0.20473","scoring_system":"epss","scoring_elements":"0.95689","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10673"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/1645efbd392989cf015f459a91c999e59c921b15","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/1645efbd392989cf015f459a91c999e59c921b15"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1815470","reference_id":"1815470","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1815470"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2660","reference_id":"2660","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:47Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2660"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"cpujan2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:47Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"cpujul2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:47Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"cpuoct2020.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:47Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"cpuoct2021.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:47Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10673","reference_id":"CVE-2020-10673","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10673"},{"reference_url":"https://github.com/advisories/GHSA-fqwf-pjwf-7vqv","reference_id":"GHSA-fqwf-pjwf-7vqv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fqwf-pjwf-7vqv"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html","reference_id":"msg00027.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:47Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200403-0002/","reference_id":"ntap-20200403-0002","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:47Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200403-0002/"},{"reference_url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:47Z/"}],"url":"https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1644","reference_id":"RHSA-2020:1644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3461","reference_id":"RHSA-2020:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3462","reference_id":"RHSA-2020:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3463","reference_id":"RHSA-2020:3463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3464","reference_id":"RHSA-2020:3464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3501","reference_id":"RHSA-2020:3501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3585","reference_id":"RHSA-2020:3585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3637","reference_id":"RHSA-2020:3637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3638","reference_id":"RHSA-2020:3638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3639","reference_id":"RHSA-2020:3639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3642","reference_id":"RHSA-2020:3642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16216?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-176g-xhm6-37cm"},{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-3e79-1pn2-hqbr"},{"vulnerability":"VCID-5qe3-9uq1-w3fa"},{"vulnerability":"VCID-6mm1-mbhs-23bw"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-9x2p-xss7-yyae"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-c6yp-rbn5-ybft"},{"vulnerability":"VCID-d7fc-apg8-tyh5"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-epj9-sgcj-2ygr"},{"vulnerability":"VCID-f9uf-9x2e-dkb5"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-kens-84bv-f3g9"},{"vulnerability":"VCID-ncr4-82xp-eqh5"},{"vulnerability":"VCID-nd7y-81kk-cbhw"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-rwt6-z926-bfht"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"},{"vulnerability":"VCID-ysq3-uksg-8uhe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.4"},{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-10673","GHSA-fqwf-pjwf-7vqv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn5b-b6qq-xffs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204801?format=json","vulnerability_id":"VCID-yv39-gzve-yke1","summary":"jackson-databind mishandles the interaction between serialization gadgets and typing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11619.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11619.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11619","reference_id":"","reference_type":"","scores":[{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.80424","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0133","scoring_system":"epss","scoring_elements":"0.80363","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11619"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2680","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2680"},{"reference_url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200511-0004","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200511-0004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826805","reference_id":"1826805","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826805"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11619","reference_id":"CVE-2020-11619","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11619"},{"reference_url":"https://github.com/advisories/GHSA-27xj-rqx5-2255","reference_id":"GHSA-27xj-rqx5-2255","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-27xj-rqx5-2255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2320","reference_id":"RHSA-2020:2320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2565","reference_id":"RHSA-2020:2565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4366","reference_id":"RHSA-2020:4366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5625","reference_id":"RHSA-2020:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5625"},{"reference_url":"https://usn.ubuntu.com/USN-4813-1/","reference_id":"USN-USN-4813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4813-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16392?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1zgj-pwjz-tkf9"},{"vulnerability":"VCID-9gek-hwbv-87hc"},{"vulnerability":"VCID-9wva-fncp-5khs"},{"vulnerability":"VCID-a4ns-753v-f3a4"},{"vulnerability":"VCID-beub-gxyy-ckaq"},{"vulnerability":"VCID-bwma-hhuz-8kes"},{"vulnerability":"VCID-ebf2-rfym-xuck"},{"vulnerability":"VCID-gu8e-dgse-2be4"},{"vulnerability":"VCID-h5z6-4yu2-27dn"},{"vulnerability":"VCID-j54g-s28q-cuhs"},{"vulnerability":"VCID-j7qz-xhu9-aydr"},{"vulnerability":"VCID-jftj-9w4n-w3dn"},{"vulnerability":"VCID-pbp8-csc6-57bs"},{"vulnerability":"VCID-rg6h-uhep-kyce"},{"vulnerability":"VCID-tgta-jaet-vfd3"},{"vulnerability":"VCID-v2ad-amun-wqaq"},{"vulnerability":"VCID-ykb2-yqj3-vfgw"},{"vulnerability":"VCID-ymmu-u1mr-v7ae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}],"aliases":["CVE-2020-11619","GHSA-27xj-rqx5-2255"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yv39-gzve-yke1"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.4"}