VYPR

Jackson Databind

by Fasterxml

Source repositories

CVEs (26)

  • CVE-2018-14719Jan 2, 2019
    risk 0.00cvss epss 0.10

    FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

  • CVE-2018-19360Jan 2, 2019
    risk 0.00cvss epss 0.11

    FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

  • CVE-2018-19361Jan 2, 2019
    risk 0.00cvss epss 0.11

    FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

  • CVE-2018-14718Jan 2, 2019
    risk 0.00cvss epss 0.13

    FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

  • CVE-2018-14720Jan 2, 2019
    risk 0.00cvss epss 0.08

    FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

  • CVE-2018-14721Jan 2, 2019
    risk 0.00cvss epss 0.10

    FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

Page 2 of 2