Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jackson vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2017-4995
An issue exists in Pivotal Spring Security 4.2.0.RELEASE up to and including 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vu...
Vmware Spring Security 4.2.1
Vmware Spring Security 4.2.2
Vmware Spring Security 5.0.0
Vmware Spring Security 4.2.0
7.5
CVSSv3
CVE-2023-3894
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of serv...
Fasterxml Jackson-dataformats-text
7.5
CVSSv3
CVE-2021-46877
jackson-databind 2.10.x up to and including 2.12.x prior to 2.12.6 and 2.13.x prior to 2.13.1 allows malicious users to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
Fasterxml Jackson-databind
Fasterxml Jackson-databind 2.13.0
7.5
CVSSv3
CVE-2022-42003
In FasterXML jackson-databind prior to 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
Fasterxml Jackson-databind
Quarkus Quarkus
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Oncommand Workflow Automation -
6 Github repositories
7.5
CVSSv3
CVE-2022-42004
In FasterXML jackson-databind prior to 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
Fasterxml Jackson-databind
Quarkus Quarkus
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Oncommand Workflow Automation -
4 Github repositories
7.5
CVSSv3
CVE-2020-36518
jackson-databind prior to 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Fasterxml Jackson-databind
Oracle Weblogic Server 12.2.1.3.0
Oracle Commerce Platform 11.3.1
Oracle Utilities Framework 4.3.0.5.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Sd-wan Edge 9.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Coherence 14.1.1.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Global Lifecycle Management Nextgen Oui Framework 13.9.4.2.2
Oracle Primavera Unifier 20.12
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Gateway
Oracle Utilities Framework 4.4.0.3.0
Oracle Sd-wan Edge 9.1
Oracle Commerce Platform 11.3.0
Oracle Commerce Platform 11.3.2
Oracle Primavera Unifier 21.12
4 Github repositories
7.5
CVSSv3
CVE-2020-28491
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and prior to 2.11.4, from 2.12.0-rc1 and prior to 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
Fasterxml Jackson-dataformats-binary
Fasterxml Jackson-dataformats-binary 2.12.0
Quarkus Quarkus
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
1 Github repository
7.5
CVSSv3
CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Fasterxml Jackson-databind
Netapp Oncommand Workflow Automation -
Netapp Service Level Manager -
Netapp Oncommand Api Services -
Fedoraproject Fedora 32
Quarkus Quarkus
Apache Iotdb
Oracle Webcenter Portal 12.2.1.3.0
Oracle Banking Platform 2.6.2
Oracle Utilities Framework 4.3.0.5.0
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Agile Plm 9.3.6
Oracle Coherence 12.2.1.4.0
Oracle Webcenter Portal 12.2.1.4.0
Oracle Sd-wan Edge 9.0
Oracle Coherence 14.1.1.0.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Communications Billing And Revenue Management 7.5.0.23.0
Oracle Communications Services Gatekeeper 7.0
Oracle Banking Platform 2.7.0
1 Github repository
1 Article
7.5
CVSSv3
CVE-2019-10172
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
Fasterxml Jackson-mapper-asl
Redhat Jboss Enterprise Application Platform 7.0
Redhat Jboss Fuse 7.0.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Apache Spark 3.0.1
1 Github repository
7.5
CVSSv3
CVE-2019-14439
A Polymorphic Typing issue exists in FasterXML jackson-databind 2.x prior to 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
Fasterxml Jackson-databind
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Apache Drill 1.16.0
Redhat Jboss Middleware Text-only Advisories 1.0
Oracle Retail Xstore Point Of Service 15.0
Oracle Banking Platform 2.4.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Banking Platform 2.4.1
Oracle Primavera Gateway 16.1
Oracle Primavera Gateway 16.2
Oracle Primavera Gateway 15.2
Oracle Banking Platform 2.5.0
Oracle Retail Xstore Point Of Service 16.0
Oracle Jd Edwards Enterpriseone Orchestrator 9.2
Oracle Banking Platform 2.6.0
Oracle Banking Platform 2.6.1
Oracle Retail Customer Management And Segmentation Foundation 17.0
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »