Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fjz8-msfe-27hv

Summary

Unsafe Deserialization in jackson-databind
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to `oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS`.

Aliases

alias	CVE-2020-36179

alias	GHSA-9gph-22xh-8x98

Fixed_packages

url	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.12.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%3Fdistro=trixie

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2841-dnfz-2qgm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1

url pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2841-dnfz-2qgm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.12.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/jackson-databind@2.14.0%2Bds-2?distro=trixie
purl	pkg:deb/debian/jackson-databind@2.14.0%2Bds-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.14.0%252Bds-2%3Fdistro=trixie

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1uan-q6u8-affj

vulnerability	VCID-5887-pcyq-nkht

vulnerability	VCID-88hx-kauy-4fcy

vulnerability	VCID-8ec9-5qt4-duat

vulnerability	VCID-8fr2-v728-cfcc

vulnerability	VCID-8htk-33f4-4ufg

vulnerability	VCID-8kwc-sxvr-skgp

vulnerability	VCID-auzw-j1fc-jff8

vulnerability	VCID-cnns-pjex-4ybt

vulnerability	VCID-ez2q-xgz1-rkab

vulnerability	VCID-fkct-tzwg-mkh8

vulnerability	VCID-kdkp-1ucy-w3g1

vulnerability	VCID-m3y5-xa6w-83b6

vulnerability	VCID-nz1v-4hgs-6yge

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-r94a-3fq2-efdg

vulnerability	VCID-skd6-gqh8-sbba

vulnerability	VCID-tfky-edec-13gw

vulnerability	VCID-uzry-ts4t-fbc8

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-vqke-p81x-sffn

vulnerability	VCID-w1c4-c4xs-yba4

vulnerability	VCID-w7nq-y9sx-nfcc

vulnerability	VCID-xqz3-k7ts-juck

vulnerability	VCID-zm3q-aquc-pqg7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.5

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8fr2-v728-cfcc

vulnerability	VCID-r94a-3fq2-efdg

vulnerability	VCID-w1c4-c4xs-yba4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10.8

Affected_packages

url pkg:deb/debian/jackson-databind@2.4.2-2

purl pkg:deb/debian/jackson-databind@2.4.2-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18u1-9nc1-2feh

vulnerability	VCID-1uan-q6u8-affj

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-2uzw-pn14-p7a1

vulnerability	VCID-314g-t8xy-5khg

vulnerability	VCID-39mg-y1k8-xbf9

vulnerability	VCID-4mtm-6bjh-7ka1

vulnerability	VCID-4r6g-jwvd-1ke5

vulnerability	VCID-4x8s-rj62-tqca

vulnerability	VCID-5887-pcyq-nkht

vulnerability	VCID-58n5-hqdf-xff2

vulnerability	VCID-62jb-3d7y-y7ae

vulnerability	VCID-7pd3-dre3-wug9

vulnerability	VCID-7svn-u8ub-4faw

vulnerability	VCID-7t7w-fq26-auc7

vulnerability	VCID-88hx-kauy-4fcy

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-8ec9-5qt4-duat

vulnerability	VCID-8fr2-v728-cfcc

vulnerability	VCID-8htk-33f4-4ufg

vulnerability	VCID-8kwc-sxvr-skgp

vulnerability	VCID-8mns-fyju-dqdr

vulnerability	VCID-a7vm-mty5-9bhg

vulnerability	VCID-auzw-j1fc-jff8

vulnerability	VCID-c1uz-emh5-9fhe

vulnerability	VCID-cnns-pjex-4ybt

vulnerability	VCID-crra-28kn-mqab

vulnerability	VCID-d6ez-jva8-hyag

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-ez2q-xgz1-rkab

vulnerability	VCID-fjz8-msfe-27hv

vulnerability	VCID-fkct-tzwg-mkh8

vulnerability	VCID-fqzk-v2gt-s7am

vulnerability	VCID-gxpn-pz3c-gugf

vulnerability	VCID-h324-unyb-sbac

vulnerability	VCID-huxh-yrbr-s7bt

vulnerability	VCID-jrfy-e6wv-1kbc

vulnerability	VCID-kdkp-1ucy-w3g1

vulnerability	VCID-m3y5-xa6w-83b6

vulnerability	VCID-nz1v-4hgs-6yge

vulnerability	VCID-p52x-ese3-qkha

vulnerability	VCID-q6zd-khan-9yhj

vulnerability	VCID-q7ye-13eq-vuhy

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-r92s-4m4x-dqc7

vulnerability	VCID-r94a-3fq2-efdg

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-rg7k-kaxv-2ubx

vulnerability	VCID-rsg7-5tup-4bd1

vulnerability	VCID-s61k-e43h-13b5

vulnerability	VCID-skd6-gqh8-sbba

vulnerability	VCID-t4kd-zjrn-kueu

vulnerability	VCID-t79w-jeyp-suaw

vulnerability	VCID-tfky-edec-13gw

vulnerability	VCID-u37s-5nn4-wqbx

vulnerability	VCID-ujnp-2f3v-s3h3

vulnerability	VCID-uzry-ts4t-fbc8

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-vqke-p81x-sffn

vulnerability	VCID-w1c4-c4xs-yba4

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-wqg8-5kwe-vuem

vulnerability	VCID-xqz3-k7ts-juck

vulnerability	VCID-y3uj-myy6-kbha

vulnerability	VCID-z9uf-p9w2-57fj

vulnerability	VCID-zbfc-s76k-gfgv

vulnerability	VCID-zm3q-aquc-pqg7

vulnerability	VCID-zvn3-zvr5-buhg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.4.2-2

url pkg:deb/debian/jackson-databind@2.4.2-2%2Bdeb8u4

purl pkg:deb/debian/jackson-databind@2.4.2-2%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18u1-9nc1-2feh

vulnerability	VCID-1uan-q6u8-affj

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-2uzw-pn14-p7a1

vulnerability	VCID-314g-t8xy-5khg

vulnerability	VCID-39mg-y1k8-xbf9

vulnerability	VCID-4mtm-6bjh-7ka1

vulnerability	VCID-4r6g-jwvd-1ke5

vulnerability	VCID-4x8s-rj62-tqca

vulnerability	VCID-5887-pcyq-nkht

vulnerability	VCID-58n5-hqdf-xff2

vulnerability	VCID-62jb-3d7y-y7ae

vulnerability	VCID-7pd3-dre3-wug9

vulnerability	VCID-7svn-u8ub-4faw

vulnerability	VCID-7t7w-fq26-auc7

vulnerability	VCID-88hx-kauy-4fcy

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-8ec9-5qt4-duat

vulnerability	VCID-8fr2-v728-cfcc

vulnerability	VCID-8htk-33f4-4ufg

vulnerability	VCID-8kwc-sxvr-skgp

vulnerability	VCID-8mns-fyju-dqdr

vulnerability	VCID-a7vm-mty5-9bhg

vulnerability	VCID-auzw-j1fc-jff8

vulnerability	VCID-c1uz-emh5-9fhe

vulnerability	VCID-cnns-pjex-4ybt

vulnerability	VCID-crra-28kn-mqab

vulnerability	VCID-d6ez-jva8-hyag

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-ez2q-xgz1-rkab

vulnerability	VCID-fjz8-msfe-27hv

vulnerability	VCID-fkct-tzwg-mkh8

vulnerability	VCID-fqzk-v2gt-s7am

vulnerability	VCID-gxpn-pz3c-gugf

vulnerability	VCID-h324-unyb-sbac

vulnerability	VCID-huxh-yrbr-s7bt

vulnerability	VCID-jrfy-e6wv-1kbc

vulnerability	VCID-kdkp-1ucy-w3g1

vulnerability	VCID-m3y5-xa6w-83b6

vulnerability	VCID-nz1v-4hgs-6yge

vulnerability	VCID-p52x-ese3-qkha

vulnerability	VCID-q6zd-khan-9yhj

vulnerability	VCID-q7ye-13eq-vuhy

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-r92s-4m4x-dqc7

vulnerability	VCID-r94a-3fq2-efdg

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-rg7k-kaxv-2ubx

vulnerability	VCID-rsg7-5tup-4bd1

vulnerability	VCID-s61k-e43h-13b5

vulnerability	VCID-skd6-gqh8-sbba

vulnerability	VCID-t4kd-zjrn-kueu

vulnerability	VCID-t79w-jeyp-suaw

vulnerability	VCID-tfky-edec-13gw

vulnerability	VCID-u37s-5nn4-wqbx

vulnerability	VCID-ujnp-2f3v-s3h3

vulnerability	VCID-uzry-ts4t-fbc8

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-vqke-p81x-sffn

vulnerability	VCID-w1c4-c4xs-yba4

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-wqg8-5kwe-vuem

vulnerability	VCID-xqz3-k7ts-juck

vulnerability	VCID-y3uj-myy6-kbha

vulnerability	VCID-z9uf-p9w2-57fj

vulnerability	VCID-zbfc-s76k-gfgv

vulnerability	VCID-zm3q-aquc-pqg7

vulnerability	VCID-zvn3-zvr5-buhg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.4.2-2%252Bdeb8u4

url pkg:deb/debian/jackson-databind@2.8.6-1%2Bdeb9u7

purl pkg:deb/debian/jackson-databind@2.8.6-1%2Bdeb9u7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18u1-9nc1-2feh

vulnerability	VCID-1uan-q6u8-affj

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-2uzw-pn14-p7a1

vulnerability	VCID-314g-t8xy-5khg

vulnerability	VCID-39mg-y1k8-xbf9

vulnerability	VCID-4mtm-6bjh-7ka1

vulnerability	VCID-4r6g-jwvd-1ke5

vulnerability	VCID-4x8s-rj62-tqca

vulnerability	VCID-5887-pcyq-nkht

vulnerability	VCID-58n5-hqdf-xff2

vulnerability	VCID-62jb-3d7y-y7ae

vulnerability	VCID-7pd3-dre3-wug9

vulnerability	VCID-7svn-u8ub-4faw

vulnerability	VCID-7t7w-fq26-auc7

vulnerability	VCID-88hx-kauy-4fcy

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-8ec9-5qt4-duat

vulnerability	VCID-8fr2-v728-cfcc

vulnerability	VCID-8htk-33f4-4ufg

vulnerability	VCID-8kwc-sxvr-skgp

vulnerability	VCID-8mns-fyju-dqdr

vulnerability	VCID-a7vm-mty5-9bhg

vulnerability	VCID-auzw-j1fc-jff8

vulnerability	VCID-c1uz-emh5-9fhe

vulnerability	VCID-cnns-pjex-4ybt

vulnerability	VCID-crra-28kn-mqab

vulnerability	VCID-d6ez-jva8-hyag

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-ez2q-xgz1-rkab

vulnerability	VCID-fjz8-msfe-27hv

vulnerability	VCID-fkct-tzwg-mkh8

vulnerability	VCID-fqzk-v2gt-s7am

vulnerability	VCID-gxpn-pz3c-gugf

vulnerability	VCID-h324-unyb-sbac

vulnerability	VCID-huxh-yrbr-s7bt

vulnerability	VCID-jrfy-e6wv-1kbc

vulnerability	VCID-kdkp-1ucy-w3g1

vulnerability	VCID-m3y5-xa6w-83b6

vulnerability	VCID-nz1v-4hgs-6yge

vulnerability	VCID-p52x-ese3-qkha

vulnerability	VCID-q6zd-khan-9yhj

vulnerability	VCID-q7ye-13eq-vuhy

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-r92s-4m4x-dqc7

vulnerability	VCID-r94a-3fq2-efdg

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-rg7k-kaxv-2ubx

vulnerability	VCID-rsg7-5tup-4bd1

vulnerability	VCID-s61k-e43h-13b5

vulnerability	VCID-skd6-gqh8-sbba

vulnerability	VCID-t4kd-zjrn-kueu

vulnerability	VCID-t79w-jeyp-suaw

vulnerability	VCID-tfky-edec-13gw

vulnerability	VCID-u37s-5nn4-wqbx

vulnerability	VCID-ujnp-2f3v-s3h3

vulnerability	VCID-uzry-ts4t-fbc8

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-vqke-p81x-sffn

vulnerability	VCID-w1c4-c4xs-yba4

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-wqg8-5kwe-vuem

vulnerability	VCID-xqz3-k7ts-juck

vulnerability	VCID-y3uj-myy6-kbha

vulnerability	VCID-z9uf-p9w2-57fj

vulnerability	VCID-zbfc-s76k-gfgv

vulnerability	VCID-zm3q-aquc-pqg7

vulnerability	VCID-zvn3-zvr5-buhg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.8.6-1%252Bdeb9u7

url pkg:deb/debian/jackson-databind@2.9.8-3%2Bdeb10u3

purl pkg:deb/debian/jackson-databind@2.9.8-3%2Bdeb10u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1uan-q6u8-affj

vulnerability	VCID-1z31-s1cu-bbh4

vulnerability	VCID-314g-t8xy-5khg

vulnerability	VCID-4mtm-6bjh-7ka1

vulnerability	VCID-4r6g-jwvd-1ke5

vulnerability	VCID-4x8s-rj62-tqca

vulnerability	VCID-5887-pcyq-nkht

vulnerability	VCID-58n5-hqdf-xff2

vulnerability	VCID-7svn-u8ub-4faw

vulnerability	VCID-7t7w-fq26-auc7

vulnerability	VCID-88hx-kauy-4fcy

vulnerability	VCID-89dx-2s8k-mufw

vulnerability	VCID-8fr2-v728-cfcc

vulnerability	VCID-8htk-33f4-4ufg

vulnerability	VCID-8kwc-sxvr-skgp

vulnerability	VCID-auzw-j1fc-jff8

vulnerability	VCID-c1uz-emh5-9fhe

vulnerability	VCID-cnns-pjex-4ybt

vulnerability	VCID-crra-28kn-mqab

vulnerability	VCID-dd77-bpcr-zfam

vulnerability	VCID-fjz8-msfe-27hv

vulnerability	VCID-fkct-tzwg-mkh8

vulnerability	VCID-fqzk-v2gt-s7am

vulnerability	VCID-gxpn-pz3c-gugf

vulnerability	VCID-h324-unyb-sbac

vulnerability	VCID-huxh-yrbr-s7bt

vulnerability	VCID-jrfy-e6wv-1kbc

vulnerability	VCID-nz1v-4hgs-6yge

vulnerability	VCID-q6zd-khan-9yhj

vulnerability	VCID-q7ye-13eq-vuhy

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-r92s-4m4x-dqc7

vulnerability	VCID-r94a-3fq2-efdg

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-rsg7-5tup-4bd1

vulnerability	VCID-s61k-e43h-13b5

vulnerability	VCID-skd6-gqh8-sbba

vulnerability	VCID-t4kd-zjrn-kueu

vulnerability	VCID-ujnp-2f3v-s3h3

vulnerability	VCID-uzry-ts4t-fbc8

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-vqke-p81x-sffn

vulnerability	VCID-w1c4-c4xs-yba4

vulnerability	VCID-w5gg-jtut-qkcc

vulnerability	VCID-xqz3-k7ts-juck

vulnerability	VCID-y3uj-myy6-kbha

vulnerability	VCID-z9uf-p9w2-57fj

vulnerability	VCID-zbfc-s76k-gfgv

vulnerability	VCID-zm3q-aquc-pqg7

vulnerability	VCID-zvn3-zvr5-buhg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jackson-databind@2.9.8-3%252Bdeb10u3

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.0.0

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1uan-q6u8-affj

vulnerability	VCID-4mtm-6bjh-7ka1

vulnerability	VCID-5887-pcyq-nkht

vulnerability	VCID-58n5-hqdf-xff2

vulnerability	VCID-62jb-3d7y-y7ae

vulnerability	VCID-7pd3-dre3-wug9

vulnerability	VCID-7svn-u8ub-4faw

vulnerability	VCID-88hx-kauy-4fcy

vulnerability	VCID-8ec9-5qt4-duat

vulnerability	VCID-8fr2-v728-cfcc

vulnerability	VCID-8htk-33f4-4ufg

vulnerability	VCID-8kwc-sxvr-skgp

vulnerability	VCID-auzw-j1fc-jff8

vulnerability	VCID-cnns-pjex-4ybt

vulnerability	VCID-d6ez-jva8-hyag

vulnerability	VCID-ez2q-xgz1-rkab

vulnerability	VCID-fjz8-msfe-27hv

vulnerability	VCID-fkct-tzwg-mkh8

vulnerability	VCID-fqzk-v2gt-s7am

vulnerability	VCID-h324-unyb-sbac

vulnerability	VCID-jrfy-e6wv-1kbc

vulnerability	VCID-kdkp-1ucy-w3g1

vulnerability	VCID-m3y5-xa6w-83b6

vulnerability	VCID-nz1v-4hgs-6yge

vulnerability	VCID-p52x-ese3-qkha

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-r92s-4m4x-dqc7

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-rg7k-kaxv-2ubx

vulnerability	VCID-s61k-e43h-13b5

vulnerability	VCID-skd6-gqh8-sbba

vulnerability	VCID-t4kd-zjrn-kueu

vulnerability	VCID-t79w-jeyp-suaw

vulnerability	VCID-tfky-edec-13gw

vulnerability	VCID-ujnp-2f3v-s3h3

vulnerability	VCID-uzry-ts4t-fbc8

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-vqke-p81x-sffn

vulnerability	VCID-w7nq-y9sx-nfcc

vulnerability	VCID-wqg8-5kwe-vuem

vulnerability	VCID-xqz3-k7ts-juck

vulnerability	VCID-zm3q-aquc-pqg7

vulnerability	VCID-zvn3-zvr5-buhg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.0.0

url pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.0

purl pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18u1-9nc1-2feh

vulnerability	VCID-1uan-q6u8-affj

vulnerability	VCID-2uzw-pn14-p7a1

vulnerability	VCID-39mg-y1k8-xbf9

vulnerability	VCID-4r6g-jwvd-1ke5

vulnerability	VCID-4x8s-rj62-tqca

vulnerability	VCID-5887-pcyq-nkht

vulnerability	VCID-62jb-3d7y-y7ae

vulnerability	VCID-7pd3-dre3-wug9

vulnerability	VCID-7svn-u8ub-4faw

vulnerability	VCID-7t7w-fq26-auc7

vulnerability	VCID-88hx-kauy-4fcy

vulnerability	VCID-8ec9-5qt4-duat

vulnerability	VCID-8fr2-v728-cfcc

vulnerability	VCID-8htk-33f4-4ufg

vulnerability	VCID-8kwc-sxvr-skgp

vulnerability	VCID-8mns-fyju-dqdr

vulnerability	VCID-auzw-j1fc-jff8

vulnerability	VCID-cnns-pjex-4ybt

vulnerability	VCID-d6ez-jva8-hyag

vulnerability	VCID-ez2q-xgz1-rkab

vulnerability	VCID-fjz8-msfe-27hv

vulnerability	VCID-fkct-tzwg-mkh8

vulnerability	VCID-fqzk-v2gt-s7am

vulnerability	VCID-h324-unyb-sbac

vulnerability	VCID-j1pk-ygx5-5bfd

vulnerability	VCID-jrfy-e6wv-1kbc

vulnerability	VCID-kdkp-1ucy-w3g1

vulnerability	VCID-m3y5-xa6w-83b6

vulnerability	VCID-nz1v-4hgs-6yge

vulnerability	VCID-p52x-ese3-qkha

vulnerability	VCID-qx3m-tcqj-ukc2

vulnerability	VCID-r92s-4m4x-dqc7

vulnerability	VCID-r94a-3fq2-efdg

vulnerability	VCID-rfqz-nf3z-v3a3

vulnerability	VCID-rg7k-kaxv-2ubx

vulnerability	VCID-s61k-e43h-13b5

vulnerability	VCID-skd6-gqh8-sbba

vulnerability	VCID-t4kd-zjrn-kueu

vulnerability	VCID-t79w-jeyp-suaw

vulnerability	VCID-tfky-edec-13gw

vulnerability	VCID-u37s-5nn4-wqbx

vulnerability	VCID-ujnp-2f3v-s3h3

vulnerability	VCID-uzry-ts4t-fbc8

vulnerability	VCID-vnh3-bvyq-13d6

vulnerability	VCID-vqke-p81x-sffn

vulnerability	VCID-w1c4-c4xs-yba4

vulnerability	VCID-w7nq-y9sx-nfcc

vulnerability	VCID-wqg8-5kwe-vuem

vulnerability	VCID-xqz3-k7ts-juck

vulnerability	VCID-zbfc-s76k-gfgv

vulnerability	VCID-zm3q-aquc-pqg7

vulnerability	VCID-zvn3-zvr5-buhg

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.0

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36179.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36179.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36179

reference_id

reference_type

scores

value	0.61883
scoring_system	epss
scoring_elements	0.98367
published_at	2026-06-08T12:55:00Z

value	0.61883
scoring_system	epss
scoring_elements	0.98365
published_at	2026-06-09T12:55:00Z

value	0.61883
scoring_system	epss
scoring_elements	0.98362
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36179

reference_url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36179
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36179

reference_url

https://github.com/FasterXML/jackson-databind

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind

reference_url

https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b

reference_url

https://github.com/FasterXML/jackson-databind/issues/3004

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://github.com/FasterXML/jackson-databind/issues/3004

reference_url

https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436@%3Cissues.spark.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210205-0005

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1913871
reference_id	1913871
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1913871

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36179

reference_id

CVE-2020-36179

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36179

reference_url

https://github.com/advisories/GHSA-9gph-22xh-8x98

reference_id

GHSA-9gph-22xh-8x98

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9gph-22xh-8x98

reference_url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_id

ntap-20210205-0005

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://security.netapp.com/advisory/ntap-20210205-0005/

reference_url

https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E

reference_id

rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-25T04:00:53Z/

url

https://lists.apache.org/thread.html/rc255f41d9a61d3dc79a51fb5c713de4ae10e71e3673feeb0b180b436%40%3Cissues.spark.apache.org%3E

reference_url	https://access.redhat.com/errata/RHSA-2021:1230
reference_id	RHSA-2021:1230
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1230

reference_url	https://access.redhat.com/errata/RHSA-2021:1515
reference_id	RHSA-2021:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1515

Weaknesses

cwe_id	502
name	Deserialization of Untrusted Data
description	The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fjz8-msfe-27hv

Vulnerability Instance