VYPR

Maven package

com.fasterxml.jackson.core/jackson-databind

pkg:maven/com.fasterxml.jackson.core/jackson-databind

Vulnerabilities (76)

  • CVE-2020-36186HigJan 6, 2021
    affected >= 2.0.0, < 2.9.10.8fixed 2.9.10.8

    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

  • CVE-2020-36185HigJan 6, 2021
    affected >= 2.0.0, < 2.9.10.8fixed 2.9.10.8

    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.

  • CVE-2020-36184HigJan 6, 2021
    affected >= 2.0.0, < 2.9.10.8fixed 2.9.10.8

    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

  • CVE-2020-36181HigJan 6, 2021
    affected >= 2.7.0, < 2.9.10.8fixed 2.9.10.8

    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

  • CVE-2020-35728HigDec 27, 2020
    affected >= 2.0.0, < 2.9.10.8fixed 2.9.10.8

    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

  • CVE-2020-35491HigDec 17, 2020
    affected >= 2.0.0, < 2.9.10.8fixed 2.9.10.8

    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

  • CVE-2020-35490HigDec 17, 2020
    affected >= 2.0.0, < 2.9.10.8fixed 2.9.10.8

    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

  • CVE-2020-25649HigDec 3, 2020
    affected >= 2.6.0, < 2.6.7.4fixed 2.6.7.4

    A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

  • CVE-2020-24750HigSep 17, 2020
    affected >= 2.0, < 2.6.7.5fixed 2.6.7.5

    FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

  • CVE-2020-24616HigAug 25, 2020
    affected >= 2.0.0, < 2.9.10.6fixed 2.9.10.6

    FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

  • CVE-2020-14195HigJun 16, 2020
    affected >= 2.9.0, < 2.9.10.5fixed 2.9.10.5

    FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).

  • CVE-2020-14060HigJun 14, 2020
    affected >= 2.9.0, < 2.9.10.5fixed 2.9.10.5

    FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).

  • CVE-2020-14062HigJun 14, 2020
    affected >= 2.9.0, < 2.9.10.5fixed 2.9.10.5

    FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).

  • CVE-2020-14061HigJun 14, 2020
    affected >= 2.9.0, < 2.9.10.5fixed 2.9.10.5

    FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnecti

  • CVE-2020-11620HigApr 7, 2020
    affected >= 2.9.0, < 2.9.10.4fixed 2.9.10.4

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

  • CVE-2020-11619HigApr 7, 2020
    affected >= 2.9.0, < 2.9.10.4fixed 2.9.10.4

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).

  • CVE-2020-11113HigMar 31, 2020
    affected >= 2.9.0, < 2.9.10.4fixed 2.9.10.4

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

  • CVE-2020-11112HigMar 31, 2020
    affected >= 2.9.0, < 2.9.10.4fixed 2.9.10.4

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

  • CVE-2020-11111HigMar 31, 2020
    affected >= 2.9.0, < 2.9.10.4fixed 2.9.10.4

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).

  • CVE-2020-10969HigMar 26, 2020
    affected >= 2.9.0, < 2.9.10.4fixed 2.9.10.4

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.