Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
Type maven
Namespace com.fasterxml.jackson.core
Name jackson-databind
Version 2.6.7.5
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.7.9.1
Latest_non_vulnerable_version 2.16.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4r6g-jwvd-1ke5
vulnerability_id VCID-4r6g-jwvd-1ke5
summary
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
references
0
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
1
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind
2
reference_url https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
3
reference_url https://github.com/FasterXML/jackson-databind/issues/2996
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2996
4
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
5
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005
6
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
7
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2022.html
8
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2022.html
9
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url https://www.oracle.com//security-alerts/cpujul2021.html
10
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2022.html
11
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36189
reference_id CVE-2020-36189
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-36189
13
reference_url https://github.com/advisories/GHSA-vfqx-33qm-g869
reference_id GHSA-vfqx-33qm-g869
reference_type
scores
url https://github.com/advisories/GHSA-vfqx-33qm-g869
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36189, GHSA-vfqx-33qm-g869
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4r6g-jwvd-1ke5
1
url VCID-fjz8-msfe-27hv
vulnerability_id VCID-fjz8-msfe-27hv
summary
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.
references
0
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
1
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind
2
reference_url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
3
reference_url https://github.com/FasterXML/jackson-databind/issues/3004
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/3004
4
reference_url https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E
5
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
6
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005
7
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
8
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2022.html
9
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2022.html
10
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url https://www.oracle.com//security-alerts/cpujul2021.html
11
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2022.html
12
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36179
reference_id CVE-2020-36179
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-36179
14
reference_url https://github.com/advisories/GHSA-9gph-22xh-8x98
reference_id GHSA-9gph-22xh-8x98
reference_type
scores
url https://github.com/advisories/GHSA-9gph-22xh-8x98
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36179, GHSA-9gph-22xh-8x98
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fjz8-msfe-27hv
2
url VCID-fqzk-v2gt-s7am
vulnerability_id VCID-fqzk-v2gt-s7am
summary
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
references
0
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
1
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind
2
reference_url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
3
reference_url https://github.com/FasterXML/jackson-databind/issues/3004
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/3004
4
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
5
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005
6
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
7
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2022.html
8
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2022.html
9
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url https://www.oracle.com//security-alerts/cpujul2021.html
10
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2022.html
11
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36182
reference_id CVE-2020-36182
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-36182
13
reference_url https://github.com/advisories/GHSA-89qr-369f-5m5x
reference_id GHSA-89qr-369f-5m5x
reference_type
scores
url https://github.com/advisories/GHSA-89qr-369f-5m5x
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36182, GHSA-89qr-369f-5m5x
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqzk-v2gt-s7am
3
url VCID-h324-unyb-sbac
vulnerability_id VCID-h324-unyb-sbac
summary
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource`.
references
0
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
1
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind
2
reference_url https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
3
reference_url https://github.com/FasterXML/jackson-databind/issues/2996
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2996
4
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
5
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005
6
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
7
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2022.html
8
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2022.html
9
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url https://www.oracle.com//security-alerts/cpujul2021.html
10
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2022.html
11
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36188
reference_id CVE-2020-36188
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-36188
13
reference_url https://github.com/advisories/GHSA-f9xh-2qgp-cq57
reference_id GHSA-f9xh-2qgp-cq57
reference_type
scores
url https://github.com/advisories/GHSA-f9xh-2qgp-cq57
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36188, GHSA-f9xh-2qgp-cq57
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h324-unyb-sbac
4
url VCID-jrfy-e6wv-1kbc
vulnerability_id VCID-jrfy-e6wv-1kbc
summary
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS`.
references
0
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
1
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind
2
reference_url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
3
reference_url https://github.com/FasterXML/jackson-databind/issues/3004
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/3004
4
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
5
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005
6
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
7
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2022.html
8
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2022.html
9
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url https://www.oracle.com//security-alerts/cpujul2021.html
10
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2022.html
11
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36181
reference_id CVE-2020-36181
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-36181
13
reference_url https://github.com/advisories/GHSA-cvm9-fjm9-3572
reference_id GHSA-cvm9-fjm9-3572
reference_type
scores
url https://github.com/advisories/GHSA-cvm9-fjm9-3572
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36181, GHSA-cvm9-fjm9-3572
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jrfy-e6wv-1kbc
5
url VCID-r92s-4m4x-dqc7
vulnerability_id VCID-r92s-4m4x-dqc7
summary
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
references
0
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
1
reference_url https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/12e23c962ffb4cf1857c5461d72ae54cc8008f29
2
reference_url https://github.com/FasterXML/jackson-databind/issues/3003
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/3003
3
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
4
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005
5
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
6
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2022.html
7
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2022.html
8
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url https://www.oracle.com//security-alerts/cpujul2021.html
9
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2022.html
10
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36183
reference_id CVE-2020-36183
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-36183
12
reference_url https://github.com/advisories/GHSA-9m6f-7xcq-8vf8
reference_id GHSA-9m6f-7xcq-8vf8
reference_type
scores
url https://github.com/advisories/GHSA-9m6f-7xcq-8vf8
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36183, GHSA-9m6f-7xcq-8vf8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r92s-4m4x-dqc7
6
url VCID-s61k-e43h-13b5
vulnerability_id VCID-s61k-e43h-13b5
summary
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
references
0
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind
1
reference_url https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/2118e71325486c68f089a9761c9d8a11b4ddd1cb
2
reference_url https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f
3
reference_url https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b
4
reference_url https://github.com/FasterXML/jackson-databind/issues/2798
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/2798
5
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
6
reference_url https://security.netapp.com/advisory/ntap-20201009-0003
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20201009-0003
7
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
8
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2022.html
9
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2021.html
10
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2022.html
11
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url https://www.oracle.com//security-alerts/cpujul2021.html
12
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24750
reference_id CVE-2020-24750
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-24750
14
reference_url https://github.com/advisories/GHSA-qjw2-hr98-qgfh
reference_id GHSA-qjw2-hr98-qgfh
reference_type
scores
url https://github.com/advisories/GHSA-qjw2-hr98-qgfh
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.6
aliases CVE-2020-24750, GHSA-qjw2-hr98-qgfh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s61k-e43h-13b5
7
url VCID-zvn3-zvr5-buhg
vulnerability_id VCID-zvn3-zvr5-buhg
summary
Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
references
0
reference_url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
reference_id
reference_type
scores
url https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
1
reference_url https://github.com/FasterXML/jackson-databind
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind
2
reference_url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
3
reference_url https://github.com/FasterXML/jackson-databind/issues/3004
reference_id
reference_type
scores
url https://github.com/FasterXML/jackson-databind/issues/3004
4
reference_url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
5
reference_url https://security.netapp.com/advisory/ntap-20210205-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210205-0005
6
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuApr2021.html
7
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuapr2022.html
8
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2022.html
9
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url https://www.oracle.com//security-alerts/cpujul2021.html
10
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2022.html
11
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36180
reference_id CVE-2020-36180
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-36180
13
reference_url https://github.com/advisories/GHSA-8c4j-34r4-xr8g
reference_id GHSA-8c4j-34r4-xr8g
reference_type
scores
url https://github.com/advisories/GHSA-8c4j-34r4-xr8g
fixed_packages
0
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5
1
url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8
aliases CVE-2020-36180, GHSA-8c4j-34r4-xr8g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvn3-zvr5-buhg
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5