Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jackson-databind vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-12086
A Polymorphic Typing issue exists in FasterXML jackson-databind 2.x prior to 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpa...
Fasterxml Jackson-databind
Debian Debian Linux 8.0
Debian Debian Linux 9.0
4 Github repositories
7.5
CVSSv3
CVE-2018-12022
An issue exists in FasterXML jackson-databind before 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provi...
Fasterxml Jackson-databind
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Retail Merchandising System 15.0
Redhat Openshift Container Platform 3.11
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on 7.3
Redhat Jboss Brms 6.4.10
Redhat Automation Manager 7.3.1
Redhat Decision Manager 7.3.1
7.5
CVSSv3
CVE-2018-12023
An issue exists in FasterXML jackson-databind before 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possi...
Fasterxml Jackson-databind
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Retail Merchandising System 15.0
Redhat Openshift Container Platform 3.11
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on 7.3
Redhat Jboss Brms 6.4.10
Redhat Automation Manager 7.3.1
Redhat Decision Manager 7.3.1
5.9
CVSSv3
CVE-2019-12384
FasterXML jackson-databind 2.x prior to 2.9.9.1 might allow malicious users to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
Fasterxml Jackson-databind
Debian Debian Linux 8.0
Redhat Enterprise Linux 7.4
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 7.5
Redhat Enterprise Linux 7.6
Redhat Enterprise Linux 7.7
5 Github repositories
5.9
CVSSv3
CVE-2019-12814
A Polymorphic Typing issue exists in FasterXML jackson-databind 2.x up to and including 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker...
Fasterxml Jackson-databind
Debian Debian Linux 8.0
3 Github repositories
5.7
CVSSv3
CVE-2019-2956
Vulnerability in the Core RDBMS (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access vi...
Oracle Database Server 12.2.0.1
Oracle Database Server 18c
Oracle Database Server 19c
Oracle Database Server 12.1.0.2
4.7
CVSSv3
CVE-2023-35116
jackson-databind up to and including 2.15.2 allows malicious users to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps ...
Fasterxml Jackson-databind
NA
CVE-2019-14361
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-14439. Reason: This candidate is a reservation duplicate of CVE-2019-14439. Notes: All CVE users should reference CVE-2019-14439 instead of this candidate. All references and descriptions in this candidate ha...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7