Known Vulnerabilities for Jackson-databind by Fasterxml

Listed below are 10 of the newest known vulnerabilities associated with "Jackson-databind" by "Fasterxml".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2021-20190	A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and ...	8.1 - HIGH	2021-01-19	2023-11-07
CVE-2020-10969	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related t...	8.8 - HIGH	2020-03-26	2023-11-07
CVE-2020-10968	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related t...	8.8 - HIGH	2020-03-26	2023-11-07
CVE-2020-10673	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related t...	8.8 - HIGH	2020-03-18	2023-11-07
CVE-2020-10672	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related t...	8.8 - HIGH	2020-03-18	2023-11-07
CVE-2020-10650	A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform...	8.1 - HIGH	2022-12-26	2023-08-18
CVE-2020-9548	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related t...	9.8 - CRITICAL	2020-03-02	2023-11-07
CVE-2020-9547	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related t...	9.8 - CRITICAL	2020-03-02	2023-11-07
CVE-2020-9546	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related t...	9.8 - CRITICAL	2020-03-02	2023-11-07
CVE-2020-8840	FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xb...	9.8 - CRITICAL	2020-02-10	2023-11-07

Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Fasterxml	Jackson-databind	2.9.9.4	All	All	All
Application	Fasterxml	Jackson-databind	2.9.9.3	All	All	All
Application	Fasterxml	Jackson-databind	2.9.9.2	All	All	All
Application	Fasterxml	Jackson-databind	2.9.9.1	All	All	All
Application	Fasterxml	Jackson-databind	2.9.9	All	All	All
Application	Fasterxml	Jackson-databind	2.9.8	All	All	All
Application	Fasterxml	Jackson-databind	2.9.7	All	All	All
Application	Fasterxml	Jackson-databind	2.9.6	All	All	All
Application	Fasterxml	Jackson-databind	2.9.5	All	All	All
Application	Fasterxml	Jackson-databind	2.9.4	All	All	All
Application	Fasterxml	Jackson-databind	2.9.3	All	All	All
Application	Fasterxml	Jackson-databind	2.9.2	All	All	All
Application	Fasterxml	Jackson-databind	2.9.10.8	All	All	All
Application	Fasterxml	Jackson-databind	2.9.10.7	All	All	All
Application	Fasterxml	Jackson-databind	2.9.10.6	All	All	All
Application	Fasterxml	Jackson-databind	2.9.10.5	All	All	All
Application	Fasterxml	Jackson-databind	2.9.10.4	All	All	All
Application	Fasterxml	Jackson-databind	2.9.10.3	All	All	All
Application	Fasterxml	Jackson-databind	2.9.10.2	All	All	All
Application	Fasterxml	Jackson-databind	2.9.10.1	All	All	All

Results limited to 20 most recent known configurations