Fasterxml Jackson-databind
10 CVEs affecting Fasterxml Jackson-databind. Latest disclosed: 2021-01-07. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-9546 | Critical | 9.8 | 2020-03-02 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zax… |
CVE-2020-11113 | High | 8.8 | 2020-03-31 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistr… |
CVE-2020-11112 | High | 8.8 | 2020-03-31 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provide… |
CVE-2020-36183 | High | 8.1 | 2021-01-07 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib… |
CVE-2020-35728 | High | 8.1 | 2020-12-27 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache… |
CVE-2020-14060 | High | 8.1 | 2020-06-14 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JN… |
CVE-2020-14062 | High | 8.1 | 2020-06-14 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.interna… |
CVE-2020-11619 | High | 8.1 | 2020-04-07 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.M… |
CVE-2017-7525 | | 2018-02-06 | A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform… | |
CVE-2017-15095 | | 2018-02-06 | A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code ex… |