Known Vulnerabilities for Jackson-databind by Fasterxml
Listed below are 10 of the newest known vulnerabilities associated with "Jackson-databind" by "Fasterxml".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-35116 json | ** DISPUTED ** jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via ... | 4.7 - MEDIUM | 2023-06-14 | 2023-12-07 |
| CVE-2022-42004 json | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._... | 7.5 - HIGH | 2022-10-02 | 2022-12-02 |
| CVE-2022-42003 json | In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive valu... | 7.5 - HIGH | 2022-10-02 | 2023-12-20 |
| CVE-2021-46877 json | jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (... | 7.5 - HIGH | 2023-03-18 | 2023-08-08 |
| CVE-2021-20190 json | A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and ... | 8.1 - HIGH | 2021-01-19 | 2023-11-07 |
| CVE-2020-36518 json | jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested object... | 7.5 - HIGH | 2022-03-11 | 2022-11-29 |
| CVE-2020-36189 json | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related t... | 8.1 - HIGH | 2021-01-06 | 2023-09-13 |
| CVE-2020-36188 json | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related t... | 8.1 - HIGH | 2021-01-06 | 2023-09-13 |
| CVE-2020-36187 json | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related t... | 8.1 - HIGH | 2021-01-06 | 2023-09-13 |
| CVE-2020-36186 json | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related t... | 8.1 - HIGH | 2021-01-06 | 2023-09-13 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Fasterxml | Jackson-databind | 2.9.9.4 | |||
| Application | Fasterxml | Jackson-databind | 2.9.9.3 | |||
| Application | Fasterxml | Jackson-databind | 2.9.9.2 | |||
| Application | Fasterxml | Jackson-databind | 2.9.9.1 | |||
| Application | Fasterxml | Jackson-databind | 2.9.9 | |||
| Application | Fasterxml | Jackson-databind | 2.9.8 | |||
| Application | Fasterxml | Jackson-databind | 2.9.7 | |||
| Application | Fasterxml | Jackson-databind | 2.9.6 | |||
| Application | Fasterxml | Jackson-databind | 2.9.5 | |||
| Application | Fasterxml | Jackson-databind | 2.9.4 | |||
| Application | Fasterxml | Jackson-databind | 2.9.3 | |||
| Application | Fasterxml | Jackson-databind | 2.9.2 | |||
| Application | Fasterxml | Jackson-databind | 2.9.10.8 | |||
| Application | Fasterxml | Jackson-databind | 2.9.10.7 | |||
| Application | Fasterxml | Jackson-databind | 2.9.10.6 | |||
| Application | Fasterxml | Jackson-databind | 2.9.10.5 | |||
| Application | Fasterxml | Jackson-databind | 2.9.10.4 | |||
| Application | Fasterxml | Jackson-databind | 2.9.10.3 | |||
| Application | Fasterxml | Jackson-databind | 2.9.10.2 | |||
| Application | Fasterxml | Jackson-databind | 2.9.10.1 |