{"url":"http://public2.vulnerablecode.io/api/packages/42031?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6","type":"maven","namespace":"com.fasterxml.jackson.core","name":"jackson-databind","version":"2.9.10.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.12.7.1","latest_non_vulnerable_version":"2.16.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11720?format=json","vulnerability_id":"VCID-4an1-3hs5-3yd6","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36183","reference_id":"","reference_type":"","scores":[{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.84088","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.84055","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83914","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.8394","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83939","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83918","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83924","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83907","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83901","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83877","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83876","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.8386","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02061","scoring_system":"epss","scoring_elements":"0.83846","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83988","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02068","scoring_system":"epss","scoring_elements":"0.83995","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02241","scoring_system":"epss","scoring_elements":"0.84663","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02241","scoring_system":"epss","scoring_elements":"0.84637","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02241","scoring_system":"epss","scoring_elements":"0.84621","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02241","scoring_system":"epss","scoring_elements":"0.84677","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02241","scoring_system":"epss","scoring_elements":"0.8468","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36183"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36183"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3003","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3003"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913927","reference_id":"1913927","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913927"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36183","reference_id":"CVE-2020-36183","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36183"},{"reference_url":"https://github.com/advisories/GHSA-9m6f-7xcq-8vf8","reference_id":"GHSA-9m6f-7xcq-8vf8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m6f-7xcq-8vf8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36183","GHSA-9m6f-7xcq-8vf8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4an1-3hs5-3yd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41775?format=json","vulnerability_id":"VCID-9h46-72hw-bkcr","summary":"Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42003.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42003","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.5256","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54935","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54883","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54909","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54878","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54928","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54926","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54939","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.5492","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.54897","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57148","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57138","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57117","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57184","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57124","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.593","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59358","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59295","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59252","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42003"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3590","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3590"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3627","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3627"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221124-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221124-0004"},{"reference_url":"https://www.debian.org/security/2022/dsa-5283","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5283"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135244","reference_id":"2135244","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135244"},{"reference_url":"https://github.com/advisories/GHSA-jjjh-jjxp-wpff","reference_id":"GHSA-jjjh-jjxp-wpff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjjh-jjxp-wpff"},{"reference_url":"https://security.gentoo.org/glsa/202210-21","reference_id":"GLSA-202210-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202210-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7435","reference_id":"RHSA-2022:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8781","reference_id":"RHSA-2022:8781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8876","reference_id":"RHSA-2022:8876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8889","reference_id":"RHSA-2022:8889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9023","reference_id":"RHSA-2022:9023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9032","reference_id":"RHSA-2022:9032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0189","reference_id":"RHSA-2023:0189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0261","reference_id":"RHSA-2023:0261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0264","reference_id":"RHSA-2023:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0471","reference_id":"RHSA-2023:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0713","reference_id":"RHSA-2023:0713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1006","reference_id":"RHSA-2023:1006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1151","reference_id":"RHSA-2023:1151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1747","reference_id":"RHSA-2025:1747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1747"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79380?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/79381?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4.2"}],"aliases":["CVE-2022-42003","GHSA-jjjh-jjxp-wpff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9h46-72hw-bkcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11731?format=json","vulnerability_id":"VCID-cytp-mr4h-g3ds","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36184.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36184","reference_id":"","reference_type":"","scores":[{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91482","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91474","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91348","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91421","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91419","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91423","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91398","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91399","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91396","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.9139","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91383","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91371","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91364","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0691","scoring_system":"epss","scoring_elements":"0.91354","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06933","scoring_system":"epss","scoring_elements":"0.91448","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06933","scoring_system":"epss","scoring_elements":"0.91445","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07471","scoring_system":"epss","scoring_elements":"0.91825","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07471","scoring_system":"epss","scoring_elements":"0.91826","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07471","scoring_system":"epss","scoring_elements":"0.91817","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07471","scoring_system":"epss","scoring_elements":"0.91806","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07471","scoring_system":"epss","scoring_elements":"0.91793","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36184"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36184"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2998","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2998"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:50Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913928","reference_id":"1913928","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913928"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36184","reference_id":"CVE-2020-36184","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36184"},{"reference_url":"https://github.com/advisories/GHSA-m6x4-97wx-4q27","reference_id":"GHSA-m6x4-97wx-4q27","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6x4-97wx-4q27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36184","GHSA-m6x4-97wx-4q27"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cytp-mr4h-g3ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11723?format=json","vulnerability_id":"VCID-jcgb-bewy-4kff","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36185.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36185","reference_id":"","reference_type":"","scores":[{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.86074","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.86036","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85916","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85936","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85945","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85941","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85922","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85928","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85931","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85855","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85867","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85888","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02715","scoring_system":"epss","scoring_elements":"0.85906","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02725","scoring_system":"epss","scoring_elements":"0.85975","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02725","scoring_system":"epss","scoring_elements":"0.85983","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86522","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86554","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86558","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86541","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0295","scoring_system":"epss","scoring_elements":"0.86502","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36185"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36185"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2998","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2998"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913929","reference_id":"1913929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913929"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36185","reference_id":"CVE-2020-36185","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36185"},{"reference_url":"https://github.com/advisories/GHSA-8w26-6f25-cm9x","reference_id":"GHSA-8w26-6f25-cm9x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w26-6f25-cm9x"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36185","GHSA-8w26-6f25-cm9x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jcgb-bewy-4kff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36429?format=json","vulnerability_id":"VCID-swqd-uk56-wkat","summary":"Serialization gadgets exploit in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35491.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35491","reference_id":"","reference_type":"","scores":[{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90508","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90494","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90426","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90452","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90453","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90439","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90441","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90433","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90425","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90419","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90405","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90401","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90388","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05713","scoring_system":"epss","scoring_elements":"0.90386","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06186","scoring_system":"epss","scoring_elements":"0.90924","published_at":"2026-05-11T12:55:00Z"},{"value":"0.06186","scoring_system":"epss","scoring_elements":"0.90927","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06186","scoring_system":"epss","scoring_elements":"0.90915","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06186","scoring_system":"epss","scoring_elements":"0.90897","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06186","scoring_system":"epss","scoring_elements":"0.90882","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35491"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2986","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2986"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35491","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35491"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210122-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210122-0005"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909269","reference_id":"1909269","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909269"},{"reference_url":"https://github.com/advisories/GHSA-r3gr-cxrf-hg25","reference_id":"GHSA-r3gr-cxrf-hg25","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r3gr-cxrf-hg25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-35491","GHSA-r3gr-cxrf-hg25"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swqd-uk56-wkat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36598?format=json","vulnerability_id":"VCID-u87p-2xgz-e3fj","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36187.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36187","reference_id":"","reference_type":"","scores":[{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84405","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84373","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84251","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84257","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84252","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84229","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84232","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84238","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.8422","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84214","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84191","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.84173","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02147","scoring_system":"epss","scoring_elements":"0.8416","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84317","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02155","scoring_system":"epss","scoring_elements":"0.84326","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02335","scoring_system":"epss","scoring_elements":"0.84941","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02335","scoring_system":"epss","scoring_elements":"0.84917","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02335","scoring_system":"epss","scoring_elements":"0.849","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02335","scoring_system":"epss","scoring_elements":"0.84955","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02335","scoring_system":"epss","scoring_elements":"0.84959","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36187"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36187"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2997","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2997"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36187","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36187"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913933","reference_id":"1913933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913933"},{"reference_url":"https://github.com/advisories/GHSA-r695-7vr9-jgc2","reference_id":"GHSA-r695-7vr9-jgc2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r695-7vr9-jgc2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36187","GHSA-r695-7vr9-jgc2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u87p-2xgz-e3fj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11712?format=json","vulnerability_id":"VCID-ukwd-7rkh-sfhj","summary":"Deserialization of Untrusted Data\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35728.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35728","reference_id":"","reference_type":"","scores":[{"value":"0.39669","scoring_system":"epss","scoring_elements":"0.97296","published_at":"2026-04-02T12:55:00Z"},{"value":"0.39669","scoring_system":"epss","scoring_elements":"0.973","published_at":"2026-04-04T12:55:00Z"},{"value":"0.40254","scoring_system":"epss","scoring_elements":"0.97322","published_at":"2026-04-01T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97365","published_at":"2026-04-16T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.9737","published_at":"2026-04-26T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97369","published_at":"2026-04-24T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97367","published_at":"2026-04-18T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97356","published_at":"2026-04-13T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97355","published_at":"2026-04-12T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97352","published_at":"2026-04-09T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97351","published_at":"2026-04-08T12:55:00Z"},{"value":"0.40547","scoring_system":"epss","scoring_elements":"0.97345","published_at":"2026-04-07T12:55:00Z"},{"value":"0.41135","scoring_system":"epss","scoring_elements":"0.97407","published_at":"2026-05-05T12:55:00Z"},{"value":"0.41135","scoring_system":"epss","scoring_elements":"0.97402","published_at":"2026-04-29T12:55:00Z"},{"value":"0.42315","scoring_system":"epss","scoring_elements":"0.97491","published_at":"2026-05-14T12:55:00Z"},{"value":"0.42315","scoring_system":"epss","scoring_elements":"0.97482","published_at":"2026-05-12T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97507","published_at":"2026-05-09T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97504","published_at":"2026-05-07T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97509","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2999","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2999"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0007","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210129-0007"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0007/","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210129-0007/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-27T20:33:41Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1911502","reference_id":"1911502","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1911502"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35728","reference_id":"CVE-2020-35728","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35728"},{"reference_url":"https://github.com/advisories/GHSA-5r5r-6hpj-8gg9","reference_id":"GHSA-5r5r-6hpj-8gg9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5r5r-6hpj-8gg9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-35728","GHSA-5r5r-6hpj-8gg9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukwd-7rkh-sfhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41776?format=json","vulnerability_id":"VCID-v2pq-1qhm-4qb9","summary":"Multiple vulnerabilities have been found in FasterXML jackson-databind, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42004","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45641","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50619","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50664","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50651","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50716","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50683","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50708","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50719","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50703","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50695","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50745","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50766","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50735","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50758","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53161","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53119","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53068","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00298","scoring_system":"epss","scoring_elements":"0.53115","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42004"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/3582","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/3582"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221118-0008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221118-0008"},{"reference_url":"https://www.debian.org/security/2022/dsa-5283","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5283"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135247","reference_id":"2135247","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135247"},{"reference_url":"https://github.com/advisories/GHSA-rgv9-q543-rqg4","reference_id":"GHSA-rgv9-q543-rqg4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rgv9-q543-rqg4"},{"reference_url":"https://security.gentoo.org/glsa/202210-21","reference_id":"GLSA-202210-21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202210-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7435","reference_id":"RHSA-2022:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8781","reference_id":"RHSA-2022:8781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8876","reference_id":"RHSA-2022:8876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8889","reference_id":"RHSA-2022:8889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9023","reference_id":"RHSA-2022:9023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:9032","reference_id":"RHSA-2022:9032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:9032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0189","reference_id":"RHSA-2023:0189","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0264","reference_id":"RHSA-2023:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0469","reference_id":"RHSA-2023:0469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0471","reference_id":"RHSA-2023:0471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0713","reference_id":"RHSA-2023:0713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1006","reference_id":"RHSA-2023:1006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1064","reference_id":"RHSA-2023:1064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2100","reference_id":"RHSA-2023:2100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3641","reference_id":"RHSA-2023:3641","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3641"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3663","reference_id":"RHSA-2023:3663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1746","reference_id":"RHSA-2025:1746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1747","reference_id":"RHSA-2025:1747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1747"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79380?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/79420?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4"}],"aliases":["CVE-2022-42004","GHSA-rgv9-q543-rqg4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2pq-1qhm-4qb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13270?format=json","vulnerability_id":"VCID-v6ek-y7cn-kycd","summary":"Uncontrolled Resource Consumption\njackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36518","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64923","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66688","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66714","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66671","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66627","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66653","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66654","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66639","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66615","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66631","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66613","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66505","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66541","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66708","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66569","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66544","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66577","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66609","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66621","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66603","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66589","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/0a8157c6ca478b1bc7be4ba7dccdb3863275f0de"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3cc52f82ecf943e06c1d7c3b078e405fb3923d2b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/8238ab41d0350fb915797c89d46777b4496b74fd"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/b3587924ee5d8695942f364d0d404d48d0ea6126"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2816","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://github.com/FasterXML/jackson-databind/issues/2816"},{"reference_url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12"},{"reference_url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220506-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220506-0004"},{"reference_url":"https://www.debian.org/security/2022/dsa-5283","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://www.debian.org/security/2022/dsa-5283"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109","reference_id":"1007109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064698","reference_id":"2064698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064698"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36518","reference_id":"CVE-2020-36518","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36518"},{"reference_url":"https://github.com/advisories/GHSA-57j2-w4cx-62h2","reference_id":"GHSA-57j2-w4cx-62h2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57j2-w4cx-62h2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220506-0004/","reference_id":"ntap-20220506-0004","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T20:34:26Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220506-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2232","reference_id":"RHSA-2022:2232","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2232"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5029","reference_id":"RHSA-2022:5029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5029"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5101","reference_id":"RHSA-2022:5101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5596","reference_id":"RHSA-2022:5596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6407","reference_id":"RHSA-2022:6407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6819","reference_id":"RHSA-2022:6819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7435","reference_id":"RHSA-2022:7435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8781","reference_id":"RHSA-2022:8781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8889","reference_id":"RHSA-2022:8889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0264","reference_id":"RHSA-2023:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2312","reference_id":"RHSA-2023:2312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3223","reference_id":"RHSA-2023:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3061","reference_id":"RHSA-2024:3061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3061"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47429?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/47431?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.1"}],"aliases":["CVE-2020-36518","GHSA-57j2-w4cx-62h2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ek-y7cn-kycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37195?format=json","vulnerability_id":"VCID-w51e-ntqd-8bbg","summary":"XML External Entity (XXE) Injection in Jackson Databind\nA flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25649.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25649.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25649","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04784","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04783","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04775","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0473","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04693","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04696","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0467","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04636","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04595","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04479","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04496","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04512","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04522","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04506","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04472","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0446","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04434","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04395","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04457","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04449","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25649"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1887664","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1887664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25649"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3d932709abd0b5390efe67451653fc9efa9db677","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3d932709abd0b5390efe67451653fc9efa9db677"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2589","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2589"},{"reference_url":"https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25649","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25649"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210108-0007","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210108-0007"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://github.com/advisories/GHSA-288c-cq4h-88gq","reference_id":"GHSA-288c-cq4h-88gq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-288c-cq4h-88gq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4312","reference_id":"RHSA-2020:4312","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4379","reference_id":"RHSA-2020:4379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4379"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4401","reference_id":"RHSA-2020:4401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4402","reference_id":"RHSA-2020:4402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5340","reference_id":"RHSA-2020:5340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5341","reference_id":"RHSA-2020:5341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5342","reference_id":"RHSA-2020:5342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5344","reference_id":"RHSA-2020:5344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5361","reference_id":"RHSA-2020:5361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5410","reference_id":"RHSA-2020:5410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5533","reference_id":"RHSA-2020:5533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0381","reference_id":"RHSA-2021:0381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0381"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0811","reference_id":"RHSA-2021:0811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1260","reference_id":"RHSA-2021:1260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1429","reference_id":"RHSA-2021:1429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2039","reference_id":"RHSA-2021:2039","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2039"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2475","reference_id":"RHSA-2021:2475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2476","reference_id":"RHSA-2021:2476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74354?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4an1-3hs5-3yd6"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-cytp-mr4h-g3ds"},{"vulnerability":"VCID-jcgb-bewy-4kff"},{"vulnerability":"VCID-swqd-uk56-wkat"},{"vulnerability":"VCID-u87p-2xgz-e3fj"},{"vulnerability":"VCID-ukwd-7rkh-sfhj"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-wds4-urpb-euby"},{"vulnerability":"VCID-ypbt-p34k-hfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.7"},{"url":"http://public2.vulnerablecode.io/api/packages/74605?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cup-9gdn-yyhk"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.5.1"}],"aliases":["CVE-2020-25649","GHSA-288c-cq4h-88gq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w51e-ntqd-8bbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11594?format=json","vulnerability_id":"VCID-wds4-urpb-euby","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36186.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36186","reference_id":"","reference_type":"","scores":[{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85259","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85223","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85129","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85126","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85108","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.8511","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85094","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85031","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85044","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85061","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02413","scoring_system":"epss","scoring_elements":"0.85065","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02422","scoring_system":"epss","scoring_elements":"0.85186","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02422","scoring_system":"epss","scoring_elements":"0.85177","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02623","scoring_system":"epss","scoring_elements":"0.85763","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02623","scoring_system":"epss","scoring_elements":"0.85776","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02623","scoring_system":"epss","scoring_elements":"0.85725","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02623","scoring_system":"epss","scoring_elements":"0.85779","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02623","scoring_system":"epss","scoring_elements":"0.85741","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36186"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36186"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2997","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2997"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210205-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210205-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210205-0005/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913931","reference_id":"1913931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913931"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36186","reference_id":"CVE-2020-36186","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36186"},{"reference_url":"https://github.com/advisories/GHSA-v585-23hc-c647","reference_id":"GHSA-v585-23hc-c647","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v585-23hc-c647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-36186","GHSA-v585-23hc-c647"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wds4-urpb-euby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37117?format=json","vulnerability_id":"VCID-ypbt-p34k-hfbc","summary":"Serialization gadgets exploit in jackson-databind\nFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35490.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35490","reference_id":"","reference_type":"","scores":[{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88415","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88387","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88247","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88336","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88331","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88313","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88314","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88317","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88303","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88311","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88301","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88295","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88275","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.8827","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03916","scoring_system":"epss","scoring_elements":"0.88254","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04249","scoring_system":"epss","scoring_elements":"0.88869","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04249","scoring_system":"epss","scoring_elements":"0.88874","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04249","scoring_system":"epss","scoring_elements":"0.88862","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04249","scoring_system":"epss","scoring_elements":"0.88845","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04249","scoring_system":"epss","scoring_elements":"0.88835","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35490"},{"reference_url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2986","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2986"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35490","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35490"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210122-0005","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210122-0005"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909266","reference_id":"1909266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1909266"},{"reference_url":"https://github.com/advisories/GHSA-wh8g-3j2c-rqj5","reference_id":"GHSA-wh8g-3j2c-rqj5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wh8g-3j2c-rqj5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41767?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8"}],"aliases":["CVE-2020-35490","GHSA-wh8g-3j2c-rqj5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypbt-p34k-hfbc"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11719?format=json","vulnerability_id":"VCID-5te6-415m-c7df","summary":"Unsafe Deserialization in jackson-databind\nFasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24750.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24750.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24750","reference_id":"","reference_type":"","scores":[{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83829","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83794","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83778","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83761","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83741","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83718","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83713","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83705","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83681","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.8368","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83645","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.8365","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83657","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.8364","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83608","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83606","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.83592","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01997","scoring_system":"epss","scoring_elements":"0.8358","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2798","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2798"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20201009-0003","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20201009-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20201009-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20201009-0003/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1882310","reference_id":"1882310","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1882310"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24750","reference_id":"CVE-2020-24750","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24750"},{"reference_url":"https://github.com/advisories/GHSA-qjw2-hr98-qgfh","reference_id":"GHSA-qjw2-hr98-qgfh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qjw2-hr98-qgfh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4173","reference_id":"RHSA-2020:4173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5635","reference_id":"RHSA-2020:5635","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1230","reference_id":"RHSA-2021:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1515","reference_id":"RHSA-2021:1515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1515"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42026?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16af-yv1z-xufy"},{"vulnerability":"VCID-5r6v-ej7d-ubgv"},{"vulnerability":"VCID-6zee-aqcc-vfbp"},{"vulnerability":"VCID-8h7y-y4pv-cyd3"},{"vulnerability":"VCID-8jw8-6tev-aqgm"},{"vulnerability":"VCID-8tmq-zbmb-m7h4"},{"vulnerability":"VCID-96pq-m4f3-zbad"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-avut-gmwd-jqfp"},{"vulnerability":"VCID-bypv-wfhs-sbe4"},{"vulnerability":"VCID-ceub-d4s9-dkcd"},{"vulnerability":"VCID-cytp-mr4h-g3ds"},{"vulnerability":"VCID-hwnx-vf4v-f3db"},{"vulnerability":"VCID-jcgb-bewy-4kff"},{"vulnerability":"VCID-jx9y-fyfm-bqdr"},{"vulnerability":"VCID-svkb-adja-qfef"},{"vulnerability":"VCID-swqd-uk56-wkat"},{"vulnerability":"VCID-tm7y-tnx3-43dq"},{"vulnerability":"VCID-ukwd-7rkh-sfhj"},{"vulnerability":"VCID-unwq-s63h-uuaw"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-wds4-urpb-euby"},{"vulnerability":"VCID-x6g1-qw1v-jbas"},{"vulnerability":"VCID-ypbt-p34k-hfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/42031?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4an1-3hs5-3yd6"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-cytp-mr4h-g3ds"},{"vulnerability":"VCID-jcgb-bewy-4kff"},{"vulnerability":"VCID-swqd-uk56-wkat"},{"vulnerability":"VCID-u87p-2xgz-e3fj"},{"vulnerability":"VCID-ukwd-7rkh-sfhj"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-w51e-ntqd-8bbg"},{"vulnerability":"VCID-wds4-urpb-euby"},{"vulnerability":"VCID-ypbt-p34k-hfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6"}],"aliases":["CVE-2020-24750","GHSA-qjw2-hr98-qgfh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5te6-415m-c7df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11729?format=json","vulnerability_id":"VCID-hwnx-vf4v-f3db","summary":"Code Injection in jackson-databind\nThis project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24616.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24616","reference_id":"","reference_type":"","scores":[{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85984","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85949","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85936","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85937","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85768","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85848","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85829","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85833","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85822","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85811","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85792","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85756","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85787","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.8592","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85899","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.8588","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85879","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.8587","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02676","scoring_system":"epss","scoring_elements":"0.85853","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616"},{"reference_url":"https://github.com/FasterXML/jackson-databind","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind"},{"reference_url":"https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/2814","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FasterXML/jackson-databind/issues/2814"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"},{"reference_url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200904-0006","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200904-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200904-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200904-0006/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1872707","reference_id":"1872707","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1872707"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24616","reference_id":"CVE-2020-24616","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24616"},{"reference_url":"https://github.com/advisories/GHSA-h3cw-g4mq-c5x2","reference_id":"GHSA-h3cw-g4mq-c5x2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h3cw-g4mq-c5x2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42031?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4an1-3hs5-3yd6"},{"vulnerability":"VCID-9h46-72hw-bkcr"},{"vulnerability":"VCID-cytp-mr4h-g3ds"},{"vulnerability":"VCID-jcgb-bewy-4kff"},{"vulnerability":"VCID-swqd-uk56-wkat"},{"vulnerability":"VCID-u87p-2xgz-e3fj"},{"vulnerability":"VCID-ukwd-7rkh-sfhj"},{"vulnerability":"VCID-v2pq-1qhm-4qb9"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-w51e-ntqd-8bbg"},{"vulnerability":"VCID-wds4-urpb-euby"},{"vulnerability":"VCID-ypbt-p34k-hfbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6"}],"aliases":["CVE-2020-24616","GHSA-h3cw-g4mq-c5x2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwnx-vf4v-f3db"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6"}