{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","type":"maven","namespace":"com.fasterxml.jackson.core","name":"jackson-databind","version":"2.9.10.8","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.12.7.1","latest_non_vulnerable_version":"2.16.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41775?format=json","vulnerability_id":"VCID-9h46-72hw-bkcr","summary":"Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42003","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.5256","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54935","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54883","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54909","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54878","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54928","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54926","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54939","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.5492","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54897","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57148","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57138","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57117","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57184","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57124","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.593","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59358","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59295","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59252","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42003"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3590","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3590"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3627"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221124-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221124-0004"},{"reference_url":"https://www.debian.org/security/2022/dsa-5283","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5283"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135244","reference_id":"2135244","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135244"},{"reference_url":"https://github.com/advisories/GHSA-jjjh-jjxp-wpff","reference_id":"GHSA-jjjh-jjxp-wpff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjjh-jjxp-wpff"},{"reference_url":"https://security.gentoo.org/glsa/202210-21","reference_id":"GLSA-202210-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202210-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7435","reference_id":"RHSA-2022:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8781","reference_id":"RHSA-2022:8781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8876","reference_id":"RHSA-2022:8876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8889","reference_id":"RHSA-2022:8889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9023","reference_id":"RHSA-2022:9023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9032","reference_id":"RHSA-2022:9032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0189","reference_id":"RHSA-2023:0189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0261","reference_id":"RHSA-2023:0261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0264","reference_id":"RHSA-2023:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0471","reference_id":"RHSA-2023:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0713","reference_id":"RHSA-2023:0713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1006","reference_id":"RHSA-2023:1006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1151","reference_id":"RHSA-2023:1151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1747","reference_id":"RHSA-2025:1747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1747"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79380?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/79381?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2"}],"aliases":["CVE-2022-42003","GHSA-jjjh-jjxp-wpff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9h46-72hw-bkcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41776?format=json","vulnerability_id":"VCID-v2pq-1qhm-4qb9","summary":"Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42004","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45641","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50619","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50664","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50651","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50716","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50683","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50708","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50719","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50703","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50695","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50745","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50766","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50735","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50758","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53161","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53119","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53068","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53115","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42004"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3582","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3582"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221118-0008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221118-0008"},{"reference_url":"https://www.debian.org/security/2022/dsa-5283","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5283"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135247","reference_id":"2135247","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135247"},{"reference_url":"https://github.com/advisories/GHSA-rgv9-q543-rqg4","reference_id":"GHSA-rgv9-q543-rqg4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rgv9-q543-rqg4"},{"reference_url":"https://security.gentoo.org/glsa/202210-21","reference_id":"GLSA-202210-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202210-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7435","reference_id":"RHSA-2022:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8781","reference_id":"RHSA-2022:8781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8876","reference_id":"RHSA-2022:8876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8889","reference_id":"RHSA-2022:8889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9023","reference_id":"RHSA-2022:9023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9032","reference_id":"RHSA-2022:9032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0189","reference_id":"RHSA-2023:0189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0264","reference_id":"RHSA-2023:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0471","reference_id":"RHSA-2023:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0713","reference_id":"RHSA-2023:0713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1006","reference_id":"RHSA-2023:1006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1747","reference_id":"RHSA-2025:1747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1747"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79380?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/79420?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4"}],"aliases":["CVE-2022-42004","GHSA-rgv9-q543-rqg4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2pq-1qhm-4qb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13270?format=json","vulnerability_id":"VCID-v6ek-y7cn-kycd","summary":"Uncontrolled Resource Consumption\njackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36518","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64923","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66688","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66714","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66671","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66627","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66653","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66654","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66639","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66615","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66631","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66613","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66505","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66541","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66708","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66569","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66544","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66577","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66609","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66621","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66603","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66589","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2816"},{"reference_url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12"},{"reference_url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220506-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220506-0004"},{"reference_url":"https://www.debian.org/security/2022/dsa-5283","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://www.debian.org/security/2022/dsa-5283"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109","reference_id":"1007109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064698","reference_id":"2064698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064698"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36518","reference_id":"CVE-2020-36518","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36518"},{"reference_url":"https://github.com/advisories/GHSA-57j2-w4cx-62h2","reference_id":"GHSA-57j2-w4cx-62h2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57j2-w4cx-62h2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220506-0004/","reference_id":"ntap-20220506-0004","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220506-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2232","reference_id":"RHSA-2022:2232","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2232"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5029","reference_id":"RHSA-2022:5029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5029"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5101","reference_id":"RHSA-2022:5101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5596","reference_id":"RHSA-2022:5596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6407","reference_id":"RHSA-2022:6407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6819","reference_id":"RHSA-2022:6819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7435","reference_id":"RHSA-2022:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8781","reference_id":"RHSA-2022:8781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8889","reference_id":"RHSA-2022:8889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0264","reference_id":"RHSA-2023:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2312","reference_id":"RHSA-2023:2312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3061","reference_id":"RHSA-2024:3061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3061"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47429?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/47431?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1"}],"aliases":["CVE-2020-36518","GHSA-57j2-w4cx-62h2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ek-y7cn-kycd"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11720?format=json","vulnerability_id":"VCID-4an1-3hs5-3yd6","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36183","reference_id":"","reference_type":"","scores":[{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.84088","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.84055","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83914","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.8394","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83939","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83918","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83924","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83907","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83901","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83877","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83876","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.8386","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83846","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83988","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83995","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02241","scoring_system":"epss","scoring_elements":"0.84663","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02241","scoring_system":"epss","scoring_elements":"0.84637","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02241","scoring_system":"epss","scoring_elements":"0.84621","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02241","scoring_system":"epss","scoring_elements":"0.84677","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02241","scoring_system":"epss","scoring_elements":"0.8468","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36183"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3003","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3003"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913927","reference_id":"1913927","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913927"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36183","reference_id":"CVE-2020-36183","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36183"},{"reference_url":"https://github.com/advisories/GHSA-9m6f-7xcq-8vf8","reference_id":"GHSA-9m6f-7xcq-8vf8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m6f-7xcq-8vf8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42026?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16af-yv1z-xufy"},{"vulnerability":"VCID-5r6v-ej7d-ubgv"},{"vulnerability":"VCID-6zee-aqcc-vfbp"},{"vulnerability":"VCID-8h7y-y4pv-cyd3"},{"vulnerability":"VCID-8jw8-6tev-aqgm"},{"vulnerability":"VCID-8tmq-zbmb-m7h4"},{"vulnerability":"VCID-96pq-m4f3-zbad"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-avut-gmwd-jqfp"},{"vulnerability":"VCID-bypv-wfhs-sbe4"},{"vulnerability":"VCID-ceub-d4s9-dkcd"},{"vulnerability":"VCID-cytp-mr4h-g3ds"},{"vulnerability":"VCID-hwnx-vf4v-f3db"},{"vulnerability":"VCID-jcgb-bewy-4kff"},{"vulnerability":"VCID-jx9y-fyfm-bqdr"},{"vulnerability":"VCID-svkb-adja-qfef"},{"vulnerability":"VCID-swqd-uk56-wkat"},{"vulnerability":"VCID-tm7y-tnx3-43dq"},{"vulnerability":"VCID-ukwd-7rkh-sfhj"},{"vulnerability":"VCID-unwq-s63h-uuaw"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-wds4-urpb-euby"},{"vulnerability":"VCID-x6g1-qw1v-jbas"},{"vulnerability":"VCID-ypbt-p34k-hfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36183","GHSA-9m6f-7xcq-8vf8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4an1-3hs5-3yd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11714?format=json","vulnerability_id":"VCID-4vx2-s262-ckbp","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36188.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36188.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36188","reference_id":"","reference_type":"","scores":[{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92892","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92867","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92813","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92814","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92803","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92799","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92795","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92785","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92788","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92783","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0944","scoring_system":"epss","scoring_elements":"0.92777","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09471","scoring_system":"epss","scoring_elements":"0.92842","published_at":"2026-04-24T12:55:00Z"},{"value":"0.09471","scoring_system":"epss","scoring_elements":"0.92844","published_at":"2026-04-26T12:55:00Z"},{"value":"0.10179","scoring_system":"epss","scoring_elements":"0.93173","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10179","scoring_system":"epss","scoring_elements":"0.93158","published_at":"2026-05-05T12:55:00Z"},{"value":"0.10179","scoring_system":"epss","scoring_elements":"0.93152","published_at":"2026-04-29T12:55:00Z"},{"value":"0.10179","scoring_system":"epss","scoring_elements":"0.93184","published_at":"2026-05-11T12:55:00Z"},{"value":"0.10179","scoring_system":"epss","scoring_elements":"0.93183","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36188"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36188","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36188"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2996","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2996"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913934","reference_id":"1913934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913934"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36188","reference_id":"CVE-2020-36188","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36188"},{"reference_url":"https://github.com/advisories/GHSA-f9xh-2qgp-cq57","reference_id":"GHSA-f9xh-2qgp-cq57","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f9xh-2qgp-cq57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42026?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16af-yv1z-xufy"},{"vulnerability":"VCID-5r6v-ej7d-ubgv"},{"vulnerability":"VCID-6zee-aqcc-vfbp"},{"vulnerability":"VCID-8h7y-y4pv-cyd3"},{"vulnerability":"VCID-8jw8-6tev-aqgm"},{"vulnerability":"VCID-8tmq-zbmb-m7h4"},{"vulnerability":"VCID-96pq-m4f3-zbad"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-avut-gmwd-jqfp"},{"vulnerability":"VCID-bypv-wfhs-sbe4"},{"vulnerability":"VCID-ceub-d4s9-dkcd"},{"vulnerability":"VCID-cytp-mr4h-g3ds"},{"vulnerability":"VCID-hwnx-vf4v-f3db"},{"vulnerability":"VCID-jcgb-bewy-4kff"},{"vulnerability":"VCID-jx9y-fyfm-bqdr"},{"vulnerability":"VCID-svkb-adja-qfef"},{"vulnerability":"VCID-swqd-uk56-wkat"},{"vulnerability":"VCID-tm7y-tnx3-43dq"},{"vulnerability":"VCID-ukwd-7rkh-sfhj"},{"vulnerability":"VCID-unwq-s63h-uuaw"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-wds4-urpb-euby"},{"vulnerability":"VCID-x6g1-qw1v-jbas"},{"vulnerability":"VCID-ypbt-p34k-hfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36188","GHSA-f9xh-2qgp-cq57"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vx2-s262-ckbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11726?format=json","vulnerability_id":"VCID-7qga-wsz6-kqcn","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36182.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36182.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36182","reference_id":"","reference_type":"","scores":[{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.86074","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.86036","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85928","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85936","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85945","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85941","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85922","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85931","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85867","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85855","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85916","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85906","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85888","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02725","scoring_system":"epss","scoring_elements":"0.85983","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02725","scoring_system":"epss","scoring_elements":"0.85975","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86554","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86558","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86541","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86522","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86502","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36182"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/"}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36182","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36182"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3004","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/3004"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:52Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913926","reference_id":"1913926","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36182","reference_id":"CVE-2020-36182","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36182"},{"reference_url":"https://github.com/advisories/GHSA-89qr-369f-5m5x","reference_id":"GHSA-89qr-369f-5m5x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-89qr-369f-5m5x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42026?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16af-yv1z-xufy"},{"vulnerability":"VCID-5r6v-ej7d-ubgv"},{"vulnerability":"VCID-6zee-aqcc-vfbp"},{"vulnerability":"VCID-8h7y-y4pv-cyd3"},{"vulnerability":"VCID-8jw8-6tev-aqgm"},{"vulnerability":"VCID-8tmq-zbmb-m7h4"},{"vulnerability":"VCID-96pq-m4f3-zbad"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-avut-gmwd-jqfp"},{"vulnerability":"VCID-bypv-wfhs-sbe4"},{"vulnerability":"VCID-ceub-d4s9-dkcd"},{"vulnerability":"VCID-cytp-mr4h-g3ds"},{"vulnerability":"VCID-hwnx-vf4v-f3db"},{"vulnerability":"VCID-jcgb-bewy-4kff"},{"vulnerability":"VCID-jx9y-fyfm-bqdr"},{"vulnerability":"VCID-svkb-adja-qfef"},{"vulnerability":"VCID-swqd-uk56-wkat"},{"vulnerability":"VCID-tm7y-tnx3-43dq"},{"vulnerability":"VCID-ukwd-7rkh-sfhj"},{"vulnerability":"VCID-unwq-s63h-uuaw"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-wds4-urpb-euby"},{"vulnerability":"VCID-x6g1-qw1v-jbas"},{"vulnerability":"VCID-ypbt-p34k-hfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36182","GHSA-89qr-369f-5m5x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7qga-wsz6-kqcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11716?format=json","vulnerability_id":"VCID-8ns6-kacn-dkeg","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 an 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36189.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36189.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36189","reference_id":"","reference_type":"","scores":[{"value":"0.03941","scoring_system":"epss","scoring_elements":"0.88453","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03941","scoring_system":"epss","scoring_elements":"0.88425","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03941","scoring_system":"epss","scoring_elements":"0.88343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03941","scoring_system":"epss","scoring_elements":"0.88352","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03941","scoring_system":"epss","scoring_elements":"0.88356","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03941","scoring_system":"epss","scoring_elements":"0.88351","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03941","scoring_system":"epss","scoring_elements":"0.88341","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03941","scoring_system":"epss","scoring_elements":"0.88335","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03941","scoring_system":"epss","scoring_elements":"0.88315","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03941","scoring_system":"epss","scoring_elements":"0.88311","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03941","scoring_system":"epss","scoring_elements":"0.88297","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03941","scoring_system":"epss","scoring_elements":"0.88289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03985","scoring_system":"epss","scoring_elements":"0.88437","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03985","scoring_system":"epss","scoring_elements":"0.88432","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04276","scoring_system":"epss","scoring_elements":"0.88907","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04276","scoring_system":"epss","scoring_elements":"0.88913","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04276","scoring_system":"epss","scoring_elements":"0.88901","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04276","scoring_system":"epss","scoring_elements":"0.88884","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04276","scoring_system":"epss","scoring_elements":"0.88875","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36189"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36189"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2996","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2996"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913937","reference_id":"1913937","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913937"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36189","reference_id":"CVE-2020-36189","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36189"},{"reference_url":"https://github.com/advisories/GHSA-vfqx-33qm-g869","reference_id":"GHSA-vfqx-33qm-g869","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfqx-33qm-g869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42026?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16af-yv1z-xufy"},{"vulnerability":"VCID-5r6v-ej7d-ubgv"},{"vulnerability":"VCID-6zee-aqcc-vfbp"},{"vulnerability":"VCID-8h7y-y4pv-cyd3"},{"vulnerability":"VCID-8jw8-6tev-aqgm"},{"vulnerability":"VCID-8tmq-zbmb-m7h4"},{"vulnerability":"VCID-96pq-m4f3-zbad"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-avut-gmwd-jqfp"},{"vulnerability":"VCID-bypv-wfhs-sbe4"},{"vulnerability":"VCID-ceub-d4s9-dkcd"},{"vulnerability":"VCID-cytp-mr4h-g3ds"},{"vulnerability":"VCID-hwnx-vf4v-f3db"},{"vulnerability":"VCID-jcgb-bewy-4kff"},{"vulnerability":"VCID-jx9y-fyfm-bqdr"},{"vulnerability":"VCID-svkb-adja-qfef"},{"vulnerability":"VCID-swqd-uk56-wkat"},{"vulnerability":"VCID-tm7y-tnx3-43dq"},{"vulnerability":"VCID-ukwd-7rkh-sfhj"},{"vulnerability":"VCID-unwq-s63h-uuaw"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-wds4-urpb-euby"},{"vulnerability":"VCID-x6g1-qw1v-jbas"},{"vulnerability":"VCID-ypbt-p34k-hfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36189","GHSA-vfqx-33qm-g869"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ns6-kacn-dkeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11731?format=json","vulnerability_id":"VCID-cytp-mr4h-g3ds","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36184","reference_id":"","reference_type":"","scores":[{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91482","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91474","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91348","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91421","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91419","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91423","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91398","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91399","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91396","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.9139","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91383","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91371","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91364","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91354","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06933","scoring_system":"epss","scoring_elements":"0.91448","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06933","scoring_system":"epss","scoring_elements":"0.91445","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07471","scoring_system":"epss","scoring_elements":"0.91825","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07471","scoring_system":"epss","scoring_elements":"0.91826","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07471","scoring_system":"epss","scoring_elements":"0.91817","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07471","scoring_system":"epss","scoring_elements":"0.91806","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07471","scoring_system":"epss","scoring_elements":"0.91793","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36184"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2998","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2998"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913928","reference_id":"1913928","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913928"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36184","reference_id":"CVE-2020-36184","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36184"},{"reference_url":"https://github.com/advisories/GHSA-m6x4-97wx-4q27","reference_id":"GHSA-m6x4-97wx-4q27","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6x4-97wx-4q27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36184","GHSA-m6x4-97wx-4q27"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cytp-mr4h-g3ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11734?format=json","vulnerability_id":"VCID-gtzx-y5f1-vye3","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36181.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36181","reference_id":"","reference_type":"","scores":[{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.90225","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.90212","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.9016","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.90143","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.90148","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.90149","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.90141","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.90134","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.90119","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.90115","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.90103","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.901","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05412","scoring_system":"epss","scoring_elements":"0.90156","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90196","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90197","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05862","scoring_system":"epss","scoring_elements":"0.906","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05862","scoring_system":"epss","scoring_elements":"0.90587","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05862","scoring_system":"epss","scoring_elements":"0.90627","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05862","scoring_system":"epss","scoring_elements":"0.90618","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05862","scoring_system":"epss","scoring_elements":"0.9063","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36181"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/"}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36181"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3004","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/3004"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:51Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913874","reference_id":"1913874","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913874"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36181","reference_id":"CVE-2020-36181","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36181"},{"reference_url":"https://github.com/advisories/GHSA-cvm9-fjm9-3572","reference_id":"GHSA-cvm9-fjm9-3572","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cvm9-fjm9-3572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42026?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16af-yv1z-xufy"},{"vulnerability":"VCID-5r6v-ej7d-ubgv"},{"vulnerability":"VCID-6zee-aqcc-vfbp"},{"vulnerability":"VCID-8h7y-y4pv-cyd3"},{"vulnerability":"VCID-8jw8-6tev-aqgm"},{"vulnerability":"VCID-8tmq-zbmb-m7h4"},{"vulnerability":"VCID-96pq-m4f3-zbad"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-avut-gmwd-jqfp"},{"vulnerability":"VCID-bypv-wfhs-sbe4"},{"vulnerability":"VCID-ceub-d4s9-dkcd"},{"vulnerability":"VCID-cytp-mr4h-g3ds"},{"vulnerability":"VCID-hwnx-vf4v-f3db"},{"vulnerability":"VCID-jcgb-bewy-4kff"},{"vulnerability":"VCID-jx9y-fyfm-bqdr"},{"vulnerability":"VCID-svkb-adja-qfef"},{"vulnerability":"VCID-swqd-uk56-wkat"},{"vulnerability":"VCID-tm7y-tnx3-43dq"},{"vulnerability":"VCID-ukwd-7rkh-sfhj"},{"vulnerability":"VCID-unwq-s63h-uuaw"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-wds4-urpb-euby"},{"vulnerability":"VCID-x6g1-qw1v-jbas"},{"vulnerability":"VCID-ypbt-p34k-hfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36181","GHSA-cvm9-fjm9-3572"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gtzx-y5f1-vye3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11723?format=json","vulnerability_id":"VCID-jcgb-bewy-4kff","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36185","reference_id":"","reference_type":"","scores":[{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.86074","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.86036","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85916","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85936","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85945","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85941","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85922","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85928","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85931","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85855","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85867","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85888","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85906","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02725","scoring_system":"epss","scoring_elements":"0.85975","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02725","scoring_system":"epss","scoring_elements":"0.85983","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86522","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86554","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86558","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86541","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86502","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36185"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2998","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2998"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913929","reference_id":"1913929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913929"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36185","reference_id":"CVE-2020-36185","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36185"},{"reference_url":"https://github.com/advisories/GHSA-8w26-6f25-cm9x","reference_id":"GHSA-8w26-6f25-cm9x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w26-6f25-cm9x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36185","GHSA-8w26-6f25-cm9x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jcgb-bewy-4kff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36429?format=json","vulnerability_id":"VCID-swqd-uk56-wkat","summary":"Serialization gadgets exploit in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35491","reference_id":"","reference_type":"","scores":[{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90508","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90494","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90426","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90452","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90453","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90439","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90441","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90433","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90425","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90419","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90405","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90401","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90388","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90386","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06186","scoring_system":"epss","scoring_elements":"0.90924","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06186","scoring_system":"epss","scoring_elements":"0.90927","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06186","scoring_system":"epss","scoring_elements":"0.90915","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06186","scoring_system":"epss","scoring_elements":"0.90897","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06186","scoring_system":"epss","scoring_elements":"0.90882","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35491"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2986","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2986"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35491","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35491"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210122-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210122-0005"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909269","reference_id":"1909269","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909269"},{"reference_url":"https://github.com/advisories/GHSA-r3gr-cxrf-hg25","reference_id":"GHSA-r3gr-cxrf-hg25","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r3gr-cxrf-hg25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-35491","GHSA-r3gr-cxrf-hg25"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swqd-uk56-wkat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36598?format=json","vulnerability_id":"VCID-u87p-2xgz-e3fj","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36187","reference_id":"","reference_type":"","scores":[{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84405","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84373","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84251","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84257","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84252","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84229","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84232","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84238","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.8422","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84214","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84191","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84173","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.8416","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84317","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84326","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02335","scoring_system":"epss","scoring_elements":"0.84941","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02335","scoring_system":"epss","scoring_elements":"0.84917","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02335","scoring_system":"epss","scoring_elements":"0.849","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02335","scoring_system":"epss","scoring_elements":"0.84955","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02335","scoring_system":"epss","scoring_elements":"0.84959","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36187"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2997","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2997"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36187","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36187"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913933","reference_id":"1913933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913933"},{"reference_url":"https://github.com/advisories/GHSA-r695-7vr9-jgc2","reference_id":"GHSA-r695-7vr9-jgc2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r695-7vr9-jgc2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42026?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16af-yv1z-xufy"},{"vulnerability":"VCID-5r6v-ej7d-ubgv"},{"vulnerability":"VCID-6zee-aqcc-vfbp"},{"vulnerability":"VCID-8h7y-y4pv-cyd3"},{"vulnerability":"VCID-8jw8-6tev-aqgm"},{"vulnerability":"VCID-8tmq-zbmb-m7h4"},{"vulnerability":"VCID-96pq-m4f3-zbad"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-avut-gmwd-jqfp"},{"vulnerability":"VCID-bypv-wfhs-sbe4"},{"vulnerability":"VCID-ceub-d4s9-dkcd"},{"vulnerability":"VCID-cytp-mr4h-g3ds"},{"vulnerability":"VCID-hwnx-vf4v-f3db"},{"vulnerability":"VCID-jcgb-bewy-4kff"},{"vulnerability":"VCID-jx9y-fyfm-bqdr"},{"vulnerability":"VCID-svkb-adja-qfef"},{"vulnerability":"VCID-swqd-uk56-wkat"},{"vulnerability":"VCID-tm7y-tnx3-43dq"},{"vulnerability":"VCID-ukwd-7rkh-sfhj"},{"vulnerability":"VCID-unwq-s63h-uuaw"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-wds4-urpb-euby"},{"vulnerability":"VCID-x6g1-qw1v-jbas"},{"vulnerability":"VCID-ypbt-p34k-hfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36187","GHSA-r695-7vr9-jgc2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u87p-2xgz-e3fj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11739?format=json","vulnerability_id":"VCID-uhnv-3cny-qkgx","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36179.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36179","reference_id":"","reference_type":"","scores":[{"value":"0.60256","scoring_system":"epss","scoring_elements":"0.98299","published_at":"2026-05-14T12:55:00Z"},{"value":"0.60256","scoring_system":"epss","scoring_elements":"0.98298","published_at":"2026-05-12T12:55:00Z"},{"value":"0.60256","scoring_system":"epss","scoring_elements":"0.98261","published_at":"2026-04-01T12:55:00Z"},{"value":"0.60256","scoring_system":"epss","scoring_elements":"0.98273","published_at":"2026-04-09T12:55:00Z"},{"value":"0.60256","scoring_system":"epss","scoring_elements":"0.98272","published_at":"2026-04-08T12:55:00Z"},{"value":"0.60256","scoring_system":"epss","scoring_elements":"0.98267","published_at":"2026-04-07T12:55:00Z"},{"value":"0.60256","scoring_system":"epss","scoring_elements":"0.98264","published_at":"2026-04-02T12:55:00Z"},{"value":"0.60256","scoring_system":"epss","scoring_elements":"0.98287","published_at":"2026-04-26T12:55:00Z"},{"value":"0.60256","scoring_system":"epss","scoring_elements":"0.98285","published_at":"2026-04-24T12:55:00Z"},{"value":"0.60256","scoring_system":"epss","scoring_elements":"0.98283","published_at":"2026-04-21T12:55:00Z"},{"value":"0.60256","scoring_system":"epss","scoring_elements":"0.98277","published_at":"2026-04-13T12:55:00Z"},{"value":"0.60256","scoring_system":"epss","scoring_elements":"0.98276","published_at":"2026-04-11T12:55:00Z"},{"value":"0.61883","scoring_system":"epss","scoring_elements":"0.98357","published_at":"2026-05-09T12:55:00Z"},{"value":"0.61883","scoring_system":"epss","scoring_elements":"0.98354","published_at":"2026-05-07T12:55:00Z"},{"value":"0.61883","scoring_system":"epss","scoring_elements":"0.9835","published_at":"2026-04-29T12:55:00Z"},{"value":"0.61883","scoring_system":"epss","scoring_elements":"0.98356","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36179"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/"}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36179"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3004","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/3004"},{"reference_url":"https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913871","reference_id":"1913871","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913871"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36179","reference_id":"CVE-2020-36179","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36179"},{"reference_url":"https://github.com/advisories/GHSA-9gph-22xh-8x98","reference_id":"GHSA-9gph-22xh-8x98","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9gph-22xh-8x98"},{"reference_url":"https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E","reference_id":"rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/"}],"url":"https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42026?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16af-yv1z-xufy"},{"vulnerability":"VCID-5r6v-ej7d-ubgv"},{"vulnerability":"VCID-6zee-aqcc-vfbp"},{"vulnerability":"VCID-8h7y-y4pv-cyd3"},{"vulnerability":"VCID-8jw8-6tev-aqgm"},{"vulnerability":"VCID-8tmq-zbmb-m7h4"},{"vulnerability":"VCID-96pq-m4f3-zbad"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-avut-gmwd-jqfp"},{"vulnerability":"VCID-bypv-wfhs-sbe4"},{"vulnerability":"VCID-ceub-d4s9-dkcd"},{"vulnerability":"VCID-cytp-mr4h-g3ds"},{"vulnerability":"VCID-hwnx-vf4v-f3db"},{"vulnerability":"VCID-jcgb-bewy-4kff"},{"vulnerability":"VCID-jx9y-fyfm-bqdr"},{"vulnerability":"VCID-svkb-adja-qfef"},{"vulnerability":"VCID-swqd-uk56-wkat"},{"vulnerability":"VCID-tm7y-tnx3-43dq"},{"vulnerability":"VCID-ukwd-7rkh-sfhj"},{"vulnerability":"VCID-unwq-s63h-uuaw"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-wds4-urpb-euby"},{"vulnerability":"VCID-x6g1-qw1v-jbas"},{"vulnerability":"VCID-ypbt-p34k-hfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36179","GHSA-9gph-22xh-8x98"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uhnv-3cny-qkgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11712?format=json","vulnerability_id":"VCID-ukwd-7rkh-sfhj","summary":"Deserialization of Untrusted Data\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35728","reference_id":"","reference_type":"","scores":[{"value":"0.39669","scoring_system":"epss","scoring_elements":"0.97296","published_at":"2026-04-02T12:55:00Z"},{"value":"0.39669","scoring_system":"epss","scoring_elements":"0.973","published_at":"2026-04-04T12:55:00Z"},{"value":"0.40254","scoring_system":"epss","scoring_elements":"0.97322","published_at":"2026-04-01T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97365","published_at":"2026-04-16T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.9737","published_at":"2026-04-26T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97369","published_at":"2026-04-24T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97367","published_at":"2026-04-18T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97356","published_at":"2026-04-13T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97355","published_at":"2026-04-12T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97352","published_at":"2026-04-09T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97351","published_at":"2026-04-08T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97345","published_at":"2026-04-07T12:55:00Z"},{"value":"0.41135","scoring_system":"epss","scoring_elements":"0.97407","published_at":"2026-05-05T12:55:00Z"},{"value":"0.41135","scoring_system":"epss","scoring_elements":"0.97402","published_at":"2026-04-29T12:55:00Z"},{"value":"0.42315","scoring_system":"epss","scoring_elements":"0.97491","published_at":"2026-05-14T12:55:00Z"},{"value":"0.42315","scoring_system":"epss","scoring_elements":"0.97482","published_at":"2026-05-12T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97507","published_at":"2026-05-09T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97504","published_at":"2026-05-07T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97509","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2999","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2999"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0007","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210129-0007"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0007/","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210129-0007/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1911502","reference_id":"1911502","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1911502"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35728","reference_id":"CVE-2020-35728","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35728"},{"reference_url":"https://github.com/advisories/GHSA-5r5r-6hpj-8gg9","reference_id":"GHSA-5r5r-6hpj-8gg9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5r5r-6hpj-8gg9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-35728","GHSA-5r5r-6hpj-8gg9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukwd-7rkh-sfhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11594?format=json","vulnerability_id":"VCID-wds4-urpb-euby","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36186","reference_id":"","reference_type":"","scores":[{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85259","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85223","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85129","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85126","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85108","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.8511","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85094","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85031","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85044","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85061","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85065","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02422","scoring_system":"epss","scoring_elements":"0.85186","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02422","scoring_system":"epss","scoring_elements":"0.85177","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02623","scoring_system":"epss","scoring_elements":"0.85763","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02623","scoring_system":"epss","scoring_elements":"0.85776","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02623","scoring_system":"epss","scoring_elements":"0.85725","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02623","scoring_system":"epss","scoring_elements":"0.85779","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02623","scoring_system":"epss","scoring_elements":"0.85741","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36186"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2997","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2997"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913931","reference_id":"1913931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913931"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36186","reference_id":"CVE-2020-36186","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36186"},{"reference_url":"https://github.com/advisories/GHSA-v585-23hc-c647","reference_id":"GHSA-v585-23hc-c647","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v585-23hc-c647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36186","GHSA-v585-23hc-c647"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wds4-urpb-euby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11727?format=json","vulnerability_id":"VCID-yp37-9z2d-akaj","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36180.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36180","reference_id":"","reference_type":"","scores":[{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85928","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.86036","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85888","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85867","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85855","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85906","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85916","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.86074","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85931","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85945","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85922","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85941","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02725","scoring_system":"epss","scoring_elements":"0.85975","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02725","scoring_system":"epss","scoring_elements":"0.85983","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86554","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86502","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86522","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86541","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86558","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86474","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36180"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/"}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36180","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36180"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3004","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/3004"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:49Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913872","reference_id":"1913872","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913872"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36180","reference_id":"CVE-2020-36180","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36180"},{"reference_url":"https://github.com/advisories/GHSA-8c4j-34r4-xr8g","reference_id":"GHSA-8c4j-34r4-xr8g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8c4j-34r4-xr8g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42026?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16af-yv1z-xufy"},{"vulnerability":"VCID-5r6v-ej7d-ubgv"},{"vulnerability":"VCID-6zee-aqcc-vfbp"},{"vulnerability":"VCID-8h7y-y4pv-cyd3"},{"vulnerability":"VCID-8jw8-6tev-aqgm"},{"vulnerability":"VCID-8tmq-zbmb-m7h4"},{"vulnerability":"VCID-96pq-m4f3-zbad"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-avut-gmwd-jqfp"},{"vulnerability":"VCID-bypv-wfhs-sbe4"},{"vulnerability":"VCID-ceub-d4s9-dkcd"},{"vulnerability":"VCID-cytp-mr4h-g3ds"},{"vulnerability":"VCID-hwnx-vf4v-f3db"},{"vulnerability":"VCID-jcgb-bewy-4kff"},{"vulnerability":"VCID-jx9y-fyfm-bqdr"},{"vulnerability":"VCID-svkb-adja-qfef"},{"vulnerability":"VCID-swqd-uk56-wkat"},{"vulnerability":"VCID-tm7y-tnx3-43dq"},{"vulnerability":"VCID-ukwd-7rkh-sfhj"},{"vulnerability":"VCID-unwq-s63h-uuaw"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-wds4-urpb-euby"},{"vulnerability":"VCID-x6g1-qw1v-jbas"},{"vulnerability":"VCID-ypbt-p34k-hfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36180","GHSA-8c4j-34r4-xr8g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yp37-9z2d-akaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37117?format=json","vulnerability_id":"VCID-ypbt-p34k-hfbc","summary":"Serialization gadgets exploit in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35490","reference_id":"","reference_type":"","scores":[{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88415","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88387","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88247","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88336","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88331","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88313","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88314","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88317","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88303","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88311","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88301","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88295","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88275","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.8827","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88254","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04249","scoring_system":"epss","scoring_elements":"0.88869","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04249","scoring_system":"epss","scoring_elements":"0.88874","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04249","scoring_system":"epss","scoring_elements":"0.88862","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04249","scoring_system":"epss","scoring_elements":"0.88845","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04249","scoring_system":"epss","scoring_elements":"0.88835","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35490"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2986","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2986"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35490","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35490"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210122-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210122-0005"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909266","reference_id":"1909266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909266"},{"reference_url":"https://github.com/advisories/GHSA-wh8g-3j2c-rqj5","reference_id":"GHSA-wh8g-3j2c-rqj5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wh8g-3j2c-rqj5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-35490","GHSA-wh8g-3j2c-rqj5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypbt-p34k-hfbc"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}