Vulnerability details: VCID-gqhw-ngh8-aaap
Vulnerability ID VCID-gqhw-ngh8-aaap
Aliases CVE-2022-42004
GHSA-rgv9-q543-rqg4
Summary Deserialization of Untrusted Data in FasterXML jackson-databind
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2023:2135
ssvc Track https://access.redhat.com/errata/RHSA-2023:2135
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json
epss 0.0018 https://api.first.org/data/v1/epss?cve=CVE-2022-42004
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2022-42004
epss 0.00239 https://api.first.org/data/v1/epss?cve=CVE-2022-42004
epss 0.00264 https://api.first.org/data/v1/epss?cve=CVE-2022-42004
epss 0.00271 https://api.first.org/data/v1/epss?cve=CVE-2022-42004
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2022-42004
cvssv3.1 7.5 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
generic_textual HIGH https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-rgv9-q543-rqg4
cvssv3.1 7.5 https://github.com/FasterXML/jackson-databind
generic_textual HIGH https://github.com/FasterXML/jackson-databind
cvssv3.1 7.5 https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
generic_textual HIGH https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
cvssv3.1 7.5 https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252
generic_textual HIGH https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252
cvssv3.1 7.5 https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea
generic_textual HIGH https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea
cvssv3.1 7.5 https://github.com/FasterXML/jackson-databind/issues/3582
generic_textual HIGH https://github.com/FasterXML/jackson-databind/issues/3582
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42004
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-42004
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-42004
cvssv3.1 7.5 https://security.gentoo.org/glsa/202210-21
generic_textual HIGH https://security.gentoo.org/glsa/202210-21
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20221118-0008
generic_textual HIGH https://security.netapp.com/advisory/ntap-20221118-0008
cvssv3.1 7.5 https://www.debian.org/security/2022/dsa-5283
generic_textual HIGH https://www.debian.org/security/2022/dsa-5283
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json
https://api.first.org/data/v1/epss?cve=CVE-2022-42004
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/FasterXML/jackson-databind
https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252
https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea
https://github.com/FasterXML/jackson-databind/issues/3582
https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
https://security.gentoo.org/glsa/202210-21
https://security.netapp.com/advisory/ntap-20221118-0008
https://security.netapp.com/advisory/ntap-20221118-0008/
https://www.debian.org/security/2022/dsa-5283
2135247 https://bugzilla.redhat.com/show_bug.cgi?id=2135247
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CVE-2022-42004 https://nvd.nist.gov/vuln/detail/CVE-2022-42004
GHSA-rgv9-q543-rqg4 https://github.com/advisories/GHSA-rgv9-q543-rqg4
RHSA-2022:7435 https://access.redhat.com/errata/RHSA-2022:7435
RHSA-2022:8781 https://access.redhat.com/errata/RHSA-2022:8781
RHSA-2022:8876 https://access.redhat.com/errata/RHSA-2022:8876
RHSA-2022:8889 https://access.redhat.com/errata/RHSA-2022:8889
RHSA-2022:9023 https://access.redhat.com/errata/RHSA-2022:9023
RHSA-2022:9032 https://access.redhat.com/errata/RHSA-2022:9032
RHSA-2023:0189 https://access.redhat.com/errata/RHSA-2023:0189
RHSA-2023:0264 https://access.redhat.com/errata/RHSA-2023:0264
RHSA-2023:0469 https://access.redhat.com/errata/RHSA-2023:0469
RHSA-2023:0471 https://access.redhat.com/errata/RHSA-2023:0471
RHSA-2023:0552 https://access.redhat.com/errata/RHSA-2023:0552
RHSA-2023:0553 https://access.redhat.com/errata/RHSA-2023:0553
RHSA-2023:0554 https://access.redhat.com/errata/RHSA-2023:0554
RHSA-2023:0556 https://access.redhat.com/errata/RHSA-2023:0556
RHSA-2023:0713 https://access.redhat.com/errata/RHSA-2023:0713
RHSA-2023:1006 https://access.redhat.com/errata/RHSA-2023:1006
RHSA-2023:1064 https://access.redhat.com/errata/RHSA-2023:1064
RHSA-2023:2097 https://access.redhat.com/errata/RHSA-2023:2097
RHSA-2023:2100 https://access.redhat.com/errata/RHSA-2023:2100
RHSA-2023:2135 https://access.redhat.com/errata/RHSA-2023:2135
RHSA-2023:3223 https://access.redhat.com/errata/RHSA-2023:3223
RHSA-2023:3641 https://access.redhat.com/errata/RHSA-2023:3641
RHSA-2023:3663 https://access.redhat.com/errata/RHSA-2023:3663
RHSA-2025:1746 https://access.redhat.com/errata/RHSA-2025:1746
RHSA-2025:1747 https://access.redhat.com/errata/RHSA-2025:1747
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:2135
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/ Found at https://access.redhat.com/errata/RHSA-2023:2135
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42004.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/jackson-databind
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/jackson-databind/commit/35de19e7144c4df8ab178b800ba86e80c3d84252
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FasterXML/jackson-databind/issues/3582
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-42004
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202210-21
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20221118-0008
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2022/dsa-5283
Exploit Prediction Scoring System (EPSS)
Percentile 0.40406
EPSS Score 0.0018
Published At May 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.