Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

Type maven

Namespace com.fasterxml.jackson.core

Name jackson-databind

Version 2.6.7.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.6.7.3

Latest_non_vulnerable_version 2.16.0

Affected_by_vulnerabilities

url VCID-18u1-9nc1-2feh

vulnerability_id VCID-18u1-9nc1-2feh

summary

Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

references

reference_url	https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/issues/2186

reference_url	https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
url	https://issues.apache.org/jira/browse/TINKERPOP-2121

reference_url	http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/107985

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-19360
reference_id	CVE-2018-19360
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-19360

fixed_packages

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p52x-ese3-qkha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p52x-ese3-qkha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

aliases CVE-2018-19360

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-18u1-9nc1-2feh

url VCID-8mns-fyju-dqdr

vulnerability_id VCID-8mns-fyju-dqdr

summary

Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `openjpa` class from polymorphic deserialization.

references

reference_url	https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/issues/2186

reference_url	https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
url	https://issues.apache.org/jira/browse/TINKERPOP-2121

reference_url	http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/107985

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-19361
reference_id	CVE-2018-19361
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-19361

fixed_packages

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p52x-ese3-qkha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p52x-ese3-qkha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

aliases CVE-2018-19361

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mns-fyju-dqdr

url VCID-d6ez-jva8-hyag

vulnerability_id VCID-d6ez-jva8-hyag

summary

Deserialization of Untrusted Data
FasterXML jackson-databind might allow attackers to have unspecified impact by leveraging failure to block the `jboss-common-core` class from polymorphic deserialization.

references

reference_url	https://github.com/FasterXML/jackson-databind/issues/2186
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/issues/2186

reference_url	https://issues.apache.org/jira/browse/TINKERPOP-2121
reference_id
reference_type
scores
url	https://issues.apache.org/jira/browse/TINKERPOP-2121

reference_url	http://www.securityfocus.com/bid/107985
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/107985

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-19362
reference_id	CVE-2018-19362
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-19362

fixed_packages

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p52x-ese3-qkha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p52x-ese3-qkha

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.11.3

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8

aliases CVE-2018-19362

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6ez-jva8-hyag

Fixing_vulnerabilities

url VCID-39mg-y1k8-xbf9

vulnerability_id VCID-39mg-y1k8-xbf9

summary

Improper Restriction of XML External Entity Reference
FasterXML jackson-databind might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

references

reference_url	https://github.com/FasterXML/jackson-databind/issues/2097
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/issues/2097

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-14720
reference_id	CVE-2018-14720
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-14720

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18u1-9nc1-2feh

vulnerability	VCID-8mns-fyju-dqdr

vulnerability	VCID-d6ez-jva8-hyag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

aliases CVE-2018-14720

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39mg-y1k8-xbf9

url VCID-t79w-jeyp-suaw

vulnerability_id VCID-t79w-jeyp-suaw

summary

Deserialization of Untrusted Data
FasterXML jackson-databind might allow remote attackers to execute arbitrary code by leveraging failure to block the `blaze-ds-opt` and `blaze-ds-core` classes from polymorphic deserialization.

references

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-14719
reference_id	CVE-2018-14719
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-14719

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18u1-9nc1-2feh

vulnerability	VCID-8mns-fyju-dqdr

vulnerability	VCID-d6ez-jva8-hyag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

aliases CVE-2018-14719

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t79w-jeyp-suaw

url VCID-u37s-5nn4-wqbx

vulnerability_id VCID-u37s-5nn4-wqbx

summary

Server-Side Request Forgery (SSRF)
FasterXML jackson-databind might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the `axis2-jaxws` class from polymorphic deserialization.

references

reference_url	https://github.com/FasterXML/jackson-databind/issues/2097
reference_id
reference_type
scores
url	https://github.com/FasterXML/jackson-databind/issues/2097

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-14721
reference_id	CVE-2018-14721
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-14721

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18u1-9nc1-2feh

vulnerability	VCID-8mns-fyju-dqdr

vulnerability	VCID-d6ez-jva8-hyag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

aliases CVE-2018-14721

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u37s-5nn4-wqbx

url VCID-wqg8-5kwe-vuem

vulnerability_id VCID-wqg8-5kwe-vuem

summary

Deserialization of Untrusted Data
FasterXML jackson-databind might allow remote attackers to execute arbitrary code by leveraging failure to block the `slf4j-ext` class from polymorphic deserialization.

references

reference_url	http://www.securityfocus.com/bid/106601
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106601

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-14718
reference_id	CVE-2018-14718
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-14718

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18u1-9nc1-2feh

vulnerability	VCID-8mns-fyju-dqdr

vulnerability	VCID-d6ez-jva8-hyag

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

url	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7
purl	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.7

aliases CVE-2018-14718

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqg8-5kwe-vuem

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.2

Package Instance