Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jackson-databind vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-12814
A Polymorphic Typing issue exists in FasterXML jackson-databind 2.x up to and including 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker...
Fasterxml Jackson-databind
Debian Debian Linux 8.0
3 Github repositories
3.5
CVSSv2
CVE-2019-2956
Vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access vi...
Oracle Database Server 12.2.0.1
Oracle Database Server 18c
Oracle Database Server 19c
Oracle Database Server 12.1.0.2
NA
CVE-2023-35116
jackson-databind up to and including 2.15.2 allows malicious users to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps ...
Fasterxml Jackson-databind
NA
CVE-2021-46877
jackson-databind 2.10.x up to and including 2.12.x prior to 2.12.6 and 2.13.x prior to 2.13.1 allows malicious users to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
Fasterxml Jackson-databind
Fasterxml Jackson-databind 2.13.0
NA
CVE-2020-10650
A deserialization flaw exists in jackson-databind up to and including 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory,...
Fasterxml Jackson-databind
Oracle Retail Merchandising System 15.0
Oracle Retail Sales Audit 14.1
NA
CVE-2022-42003
In FasterXML jackson-databind prior to 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
Fasterxml Jackson-databind
Quarkus Quarkus
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Oncommand Workflow Automation -
6 Github repositories
NA
CVE-2022-42004
In FasterXML jackson-databind prior to 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
Fasterxml Jackson-databind
Quarkus Quarkus
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Oncommand Workflow Automation -
4 Github repositories
NA
CVE-2019-14361
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-14439. Reason: This candidate is a reservation duplicate of CVE-2019-14439. Notes: All CVE users should reference CVE-2019-14439 instead of this candidate. All references and descriptions in this candidate ha...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7