Lucene search

Jackson-databind Security Vulnerabilities

cve

CVE-2023-35116

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...

4.7CVSS

5.7AI Score

0.0004EPSS

2023-06-14 02:15 PM

948

cve

CVE-2021-46877

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK...

7.5CVSS

7.1AI Score

0.001EPSS

2023-03-18 10:15 PM

119

cve

CVE-2020-10650

A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and...

8.1CVSS

8.5AI Score

0.004EPSS

2022-12-26 08:15 PM

cve

CVE-2022-42004

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for...

7.5CVSS

7.6AI Score

0.003EPSS

2022-10-02 05:15 AM

274

cve

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is...

7.5CVSS

7.6AI Score

0.003EPSS

2022-10-02 05:15 AM

452

cve

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested...

7.5CVSS

7.6AI Score

0.002EPSS

2022-03-11 07:15 AM

338

cve

CVE-2021-20190

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

8.1CVSS

8.5AI Score

0.004EPSS

2021-01-19 05:15 PM

195

cve

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.003EPSS

2021-01-07 12:15 AM

219

cve

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.004EPSS

2021-01-07 12:15 AM

220

cve

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.003EPSS

2021-01-07 12:15 AM

222

cve

CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.003EPSS

2021-01-07 12:15 AM

220

cve

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.003EPSS

2021-01-06 11:15 PM

202

cve

CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.003EPSS

2021-01-06 11:15 PM

207

cve

CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.003EPSS

2021-01-06 11:15 PM

213

cve

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.003EPSS

2021-01-06 11:15 PM

207

cve

CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.003EPSS

2021-01-06 11:15 PM

211

cve

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.003EPSS

2021-01-06 11:15 PM

210

cve

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.003EPSS

2021-01-06 11:15 PM

200

cve

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in...

8.1CVSS

8.5AI Score

0.007EPSS

2020-12-27 05:15 AM

217

cve

CVE-2020-35490

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.003EPSS

2020-12-17 07:15 PM

182

cve

CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS

8.6AI Score

0.003EPSS

2020-12-17 07:15 PM

191

cve

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data...

7.5CVSS

7.4AI Score

0.004EPSS

2020-12-03 05:15 PM

282