In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is...
AI Score: 7.5
EPSS: 0.003
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for...
AI Score: 7.5
EPSS: 0.003
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK...
AI Score: 7.5
EPSS: 0.001
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and...
AI Score: 9.7
EPSS: 0.004
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...
CVSS: 4.7
AI Score: 5.7
EPSS: 0.0004
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service...
AI Score: 7
EPSS: 0.001
Security exception in DatatypeFuzzer.fuzzerTestOneInput
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50379 Crash type: Security exception Crash state: DatatypeFuzzer.fuzzerTestOneInput com.code_intelligence.jazzer.driver.FuzzTargetRunner.runOne...
AI Score: -0.3
Moderate: pki-core:10.6 and pki-deps:10.6 security update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fix(es): jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) For more details about the security issue(s), including the impact, a CVSS...
AI Score: 7
EPSS: 0.002
pki-core:10.6 and pki-deps:10.6 security update
apache-commons-collections apache-commons-lang apache-commons-net bea-stax fasterxml-oss-parent [49-1] - Rebase to upstream version 49 [26-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [26-5] - Fix license tag [26-4] - Rebuilt for...
AI Score: 7.2
EPSS: 0.002
Security exception in com.github.javaparser.ast.validator.TreeVisitorValidator.accept
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67672 Crash type: Security exception Crash state: com.github.javaparser.ast.validator.TreeVisitorValidator.accept com.github.javaparser.ast.expr.FieldAccessExpr.getMetaModel...
AI Score: 7.1
(RHSA-2024:3061) Moderate: pki-core:10.6 and pki-deps:10.6 security update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) For more details about the security issue(s), including the impact, a CVSS...
AI Score: 7.1
EPSS: 0.002
RHEL 7 : jackson-databind (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper (CVE-2017-7525) A...
AI Score: 9.8
AI Score: 9.2
EPSS: 0.011
Fedora 29 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-fb23eccc03)
Update jackson-databind to version 2.9.9.3. Update jackson-core to version 2.9.9. Update jackson-annotations to version 2.9.9. Update jackson-bom to version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439. Note that Tenable Network Security has...
AI Score: 8.3
Fedora 30 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-ae6a703b8f)
Update jackson-databind to version 2.9.9.3. Update jackson-core to version 2.9.9. Update jackson-annotations to version 2.9.9. Update jackson-bom to version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439. Note that Tenable Network Security has...
AI Score: 8.3
FasterXML Jackson Databind Detection for Linux/UNIX
The host contains the FasterXML Jackson Databind package, a Java-based general-purpose data-binding package. Note that this plugin only detects FasterXML Jackson Databind package in commonly used installation directories or a user specified search...
AI Score: 1.7
Software: jackson-databind 2.10.0 OS: ROSA Virtualization 2.1 package_evr_string: jackson-databind-2.10.0 CVE-ID: CVE-2020-35490 BDU-ID: 2022-03804 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the org.apache.commons.dbcp2.datasources.PerUserPoolDataSource component of the Jackson-databind library.....
AI Score: 8.1
EPSS: 0.007
Debian DLA-1831-1 : jackson-databind security update
More Polymorphic Typing issues were discovered in jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x or logback-core jar in the classpath, an attacker can send a specifically...
AI Score: 8.7
Fedora 31 : jackson-annotations / jackson-bom / jackson-core / jackson-databind (2019-99ff6aa32c)
Update jackson-databind to version 2.9.9.3. Update jackson-core to version 2.9.9. Update jackson-annotations to version 2.9.9. Update jackson-bom to version 2.9.9. Resolves CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, and CVE-14439. Note that Tenable Network Security has...
AI Score: 8.3
Update jackson-parent to version 2.10. Update jackson-bom to version 2.10.0. Update jackson-annotations to version 2.10.0. Update jackson-core to version 2.10.0. Update jackson-databind to version 2.10.0. Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943. Note that...
AI Score: 9.9
lake-jackson-tx.findstoragefast.com Cross Site Scripting vulnerability OBB-3853490
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6.2
Moderate: pki-core:10.6 and pki-deps:10.6 security update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fix(es): jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) For more details about the security issue(s), including the impact, a CVSS...
AI Score: 7
EPSS: 0.002
Debian DLA-1879-1 : jackson-databind security update
Deserialization flaws were discovered in jackson-databind relating to EHCache and logback/jndi, which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. For Debian 8...
AI Score: 9.7
RHEL 9 : jackson (RHSA-2023:2312)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:2312 advisory. jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) Note that Nessus has not tested for this issue but has...
AI Score: 7.7
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...
AI Score: 9.3
EPSS: 0.166
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests (using application/yaml content-type), it...
AI Score: 9.7
EPSS: 0.008
jackson-databind Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
AI Score: 8.5
EPSS: 0.002
RHEL 7 : rh-maven35-jackson-databind (RHSA-2019:2743)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2743 advisory. jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) Note that Nessus has not tested for this issue but...
AI Score: 7.8
jackson-databind Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
AI Score: 7.5
EPSS: 0.001
RHEL 7 : rh-maven35-jackson-databind (RHSA-2019:0782)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0782 advisory. jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307) ...
AI Score: 8
RHEL 7 : rh-maven35-jackson-databind (RHSA-2019:4192)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4192 advisory. jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531) Note that Nessus has not tested for this issue but has...
AI Score: 6.9
RHEL 7 : rh-maven35-jackson-databind (RHSA-2019:1820)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1820 advisory. jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384) ...
AI Score: 7.8
RHEL 7 : rh-eclipse46-jackson-databind (RHSA-2018:0116)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0116 advisory. jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485) Note that Nessus has...
AI Score: 9
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Fasterxml jackson-databind, caused by a stack-based overflow [CVE-2023-35116]. Fasterxml jackson-databind is used in our Speech microservices. This vulnerability has been addressed....
AI Score: 8.3
EPSS: 0.0004
(RHSA-2024:2707) Important: Red Hat Build of Apache Camel security update
Red Hat build of Apache Camel 4.4.0 for Spring Boot release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Security Fix(es): xnio: StackOverflowException when the chain of notifier states becomes problematically big...
AI Score: 8
EPSS: 0.007
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
AI Score: 6.5
EPSS: 0.011
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
AI Score: 7
EPSS: 0.008
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
AI Score: 7
EPSS: 0.003
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
AI Score: 7
EPSS: 0.003
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
AI Score: 7
EPSS: 0.003
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
AI Score: 7
EPSS: 0.008
Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to Java object de-serialisation vulnerability. Camel allows to specify such a type through the 'CamelJacksonUnmarshalType' property. De-serializing untrusted data can lead to security flaws as demonstrated in various...
CVSS: 9.8
AI Score: 9.5
EPSS: 0.088
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
AI Score: 6.5
EPSS: 0.011
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
AI Score: 7
EPSS: 0.007
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
AI Score: 7
EPSS: 0.003
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
AI Score: 7
EPSS: 0.003
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...
AI Score: 7
EPSS: 0.004
Debian DLA-1943-1 : jackson-databind security update
More deserialization flaws were discovered in jackson-databind relating to the classes in com.zaxxer.hikari.HikariConfig, com.zaxxer.hikari.HikariDataSource, commons-dbcp and com.p6spy.engine.spy.P6DataSource, which could allow an unauthenticated user to perform remote code execution. The issue...
AI Score: 10
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
AI Score: 6.5
EPSS: 0.008
Injection com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity com.fasterxml.jackson.core:jackson-databind Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This com.fasterxml.jackson.core:jackson-databind Dependency vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of...
AI Score: 6.5
EPSS: 0.008