pkg:Maven/com.fasterxml.jackson.core:jackson-databind

69 total CVEsCRITICAL25HIGH42MEDIUM2

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2018-14721Server-Side Request Forgery (SSRF) in jackson-databind
    >= 2.9.0, < 2.9.7
  • CRITICAL9.8CVE-2019-17267jackson-databind - security update
    >= 2.9.0, < 2.9.10
  • CRITICAL9.8CVE-2020-9547jackson-databind mishandles the interaction between serialization gadgets and typing
    >= 2.9.0, < 2.9.10.4
  • CRITICAL9.8CVE-2019-14893Polymorphic deserialization of malicious object in jackson-databind
    >= 2.9.0, < 2.9.10
  • CRITICAL9.8CVE-2020-9548jackson-databind mishandles the interaction between serialization gadgets and typing
    >= 2.9.0, < 2.9.10.4
  • CRITICAL9.8CVE-2020-9546jackson-databind mishandles the interaction between serialization gadgets and typing
    >= 2.9.0, < 2.9.10.4
  • CRITICAL9.8CVE-2020-8840Deserialization of Untrusted Data in jackson-databind
    >= 2.0.0, < 2.6.7.4
  • CRITICAL9.8CVE-2019-20330jackson-databind - security update
    >= 2.0.0, < 2.6.7.4
  • CRITICAL9.8CVE-2019-17531jackson-databind polymorphic typing issue
    >= 2.9.0, < 2.9.10.1
  • CRITICAL9.8CVE-2019-16943jackson-databind polymorphic typing issue
    >= 2.9.0, < 2.9.10.1
  • CRITICAL9.8CVE-2019-16942Polymorphic Typing in FasterXML jackson-databind
    >= 2.9.0, < 2.9.10.1
  • CRITICAL9.8CVE-2019-16335Polymorphic Typing issue in FasterXML jackson-databind
    >= 2.9.0, < 2.9.10
  • CRITICAL9.8CVE-2019-14540jackson-databind - security update
    >= 2.9.0, < 2.9.10
  • CRITICAL9.8CVE-2019-14379jackson-databind - security update
    >= 2.9.0, < 2.9.9.2
  • CRITICAL9.8CVE-2018-11307jackson-databind - security update
    >= 2.0.0, < 2.7.9.4
  • CRITICAL9.8CVE-2018-14719Arbitrary Code Execution in jackson-databind
    >= 2.9.0, < 2.9.7
  • CRITICAL9.8CVE-2018-14720XML External Entity Reference (XXE) in jackson-databind
    >= 2.9.0, < 2.9.7
  • CRITICAL9.8CVE-2018-19362com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
    >= 2.9.0, < 2.9.8
  • CRITICAL9.8CVE-2018-19361Deserialization of Untrusted Data in jackson-databind
    >= 2.7.0, < 2.7.9.5
  • CRITICAL9.8CVE-2018-19360Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
    >= 2.9.0, < 2.9.8
  • CRITICAL9.8CVE-2018-14718Arbitrary Code Execution in jackson-databind
    >= 2.9.0, < 2.9.7
  • CRITICAL9.8CVE-2017-17485jackson-databind - security update
    >= 2.9.0, < 2.9.4
  • CRITICAL9.8CVE-2017-15095jackson-databind - security update
    >= 2.8.0, < 2.8.11
  • CRITICAL9.8CVE-2018-7489jackson-databind - security update
    >= 2.8.0, < 2.8.11.1
  • CRITICAL9.8CVE-2017-7525jackson-databind - security update
    from 0, < 2.6.7.1
  • HIGH8.8CVE-2020-11112jackson-databind mishandles the interaction between serialization gadgets and typing
    >= 2.9.0, < 2.9.10.4
  • HIGH8.8CVE-2020-10673jackson-databind mishandles the interaction between serialization gadgets and typing
    >= 2.7.0, < 2.9.10.4
  • HIGH8.8CVE-2020-10968jackson-databind - security update
    >= 2.9.0, < 2.9.10.4
  • HIGH8.8CVE-2020-11111jackson-databind mishandles the interaction between serialization gadgets and typing
    >= 2.9.0, < 2.9.10.4
  • HIGH8.8CVE-2020-11113jackson-databind mishandles the interaction between serialization gadgets and typing
    >= 2.9.0, < 2.9.10.4
  • HIGH8.8CVE-2020-10969jackson-databind mishandles the interaction between serialization gadgets and typing
    >= 2.9.0, < 2.9.10.4
  • HIGH8.8CVE-2020-10672jackson-databind - security update
    >= 2.9.0, < 2.9.10.4
  • HIGH8.1CVE-2020-10650jackson-databind vulnerable to unsafe deserialization
    from 0, < 2.9.10.4
  • HIGH8.1CVE-2020-36189Unsafe Deserialization in jackson-databind
    >= 2.7.0, < 2.9.10.8
  • HIGH8.1CVE-2020-36187Unsafe Deserialization in jackson-databind
    >= 2.0.0, < 2.9.10.8
  • HIGH8.1CVE-2020-36188Unsafe Deserialization in jackson-databind
    >= 2.7.0, < 2.9.10.8
  • HIGH8.1CVE-2020-36183Unsafe Deserialization in jackson-databind
    >= 2.7.00, < 2.9.10.8
  • HIGH8.1CVE-2020-36184Unsafe Deserialization in jackson-databind
    >= 2.0.0, < 2.9.10.8
  • HIGH8.1CVE-2020-36180Unsafe Deserialization in jackson-databind
    >= 2.7.0, < 2.9.10.8
  • HIGH8.1CVE-2020-36181Unsafe Deserialization in jackson-databind
    >= 2.7.0, < 2.9.10.8
  • HIGH8.1CVE-2020-36185Unsafe Deserialization in jackson-databind
    >= 2.0.0, < 2.9.10.8
  • HIGH8.1CVE-2020-36179Unsafe Deserialization in jackson-databind
    >= 2.7.0, < 2.9.10.8
  • HIGH8.1CVE-2020-36182Unsafe Deserialization in jackson-databind
    >= 2.7.0, < 2.9.10.8
  • HIGH8.1CVE-2020-24750Unsafe Deserialization in jackson-databind
    >= 2.0, < 2.6.7.5
  • HIGH8.1CVE-2020-35728Serialization gadget exploit in jackson-databind
    >= 2.0.0, < 2.9.10.8
  • HIGH8.1CVE-2020-35491Serialization gadgets exploit in jackson-databind
    >= 2.0.0, < 2.9.10.8
  • HIGH8.1CVE-2020-35490Serialization gadgets exploit in jackson-databind
    >= 2.0.0, < 2.9.10.8
  • HIGH8.1CVE-2020-24616jackson-databind - security update
    >= 2.0.0, < 2.9.10.6
  • HIGH8.1CVE-2020-36186Unsafe Deserialization in jackson-databind
    >= 2.0.0, < 2.9.10.8
  • HIGH8.1CVE-2021-20190Deserialization of untrusted data in jackson-databind
    >= 2.7.0, < 2.9.10.7
  • HIGH8.1CVE-2018-5968Deserialization of Untrusted Data in jackson-databind
    >= 2.8.0, < 2.8.11.1
  • HIGH8.1CVE-2020-14061Deserialization of untrusted data in Jackson Databind
    >= 2.9.0, < 2.9.10.5
  • HIGH8.1CVE-2020-14062Deserialization of untrusted data in Jackson Databind
    >= 2.9.0, < 2.9.10.5
  • HIGH8.1CVE-2020-14060Deserialization of untrusted data in Jackson Databind
    >= 2.9.0, < 2.9.10.5
  • HIGH8.1CVE-2020-14195Deserialization of untrusted data in Jackson Databind
    >= 2.9.0, < 2.9.10.5
  • HIGH8.1CVE-2020-11619jackson-databind mishandles the interaction between serialization gadgets and typing
    >= 2.9.0, < 2.9.10.4
  • HIGH8.1CVE-2020-11620jackson-databind mishandles the interaction between serialization gadgets and typing
    >= 2.9.0, < 2.9.10.4
  • HIGH7.5CVE-2021-46877jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode
    >= 2.10.0, < 2.12.6
  • HIGH7.5CVE-2022-42004Uncontrolled Resource Consumption in FasterXML jackson-databind
    >= 2.4.0-rc1, < 2.12.7.1
  • HIGH7.5CVE-2022-42003Uncontrolled Resource Consumption in Jackson-databind
    >= 2.4.0-rc1, < 2.12.7.1
  • HIGH7.5CVE-2020-36518jackson-databind - security update
    >= 2.13.0, < 2.13.2.1
  • HIGH7.5CVE-2020-25649jackson-databind - security update
    >= 2.6.0, < 2.6.7.4
  • HIGH7.5CVE-2018-12023Deserialization of Untrusted Data
    >= 2.7.0, < 2.7.9.4
  • HIGH7.5CVE-2019-14892Polymorphic deserialization of malicious object in jackson-databind
    from 0, < 2.6.7.3
  • HIGH7.5CVE-2019-14439Deserialization of untrusted data in FasterXML jackson-databind
    >= 2.9.0, < 2.9.9.2
  • HIGH7.5CVE-2019-12086jackson-databind - security update
    >= 2.9.0, < 2.9.9
  • HIGH7.5CVE-2018-12022jackson-databind Deserialization of Untrusted Data vulnerability
    from 0, < 2.7.9.4
  • MEDIUM5.9CVE-2019-12814Deserialization of untrusted data in FasterXML jackson-databind
    >= 2.9.0, < 2.9.9.1
  • MEDIUM5.9CVE-2019-12384jackson-databind - security update
    >= 2.9.0, < 2.9.9.1