Jackson Databind
by FasterXML
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14719 | | | 0.00 | — | 0.10 | | Jan 2, 2019 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. |
| CVE-2018-19360 | | | 0.00 | — | 0.11 | | Jan 2, 2019 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. |
| CVE-2018-19361 | | | 0.00 | — | 0.11 | | Jan 2, 2019 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. |
| CVE-2018-14718 | | | 0.00 | — | 0.13 | | Jan 2, 2019 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. |
| CVE-2018-14720 | | | 0.00 | — | 0.08 | | Jan 2, 2019 | FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. |
| CVE-2018-14721 | | | 0.00 | — | 0.10 | | Jan 2, 2019 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. |