
CVE-2020-36518

Published: 11/03/2022 Updated: 29/11/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

jackson-databind prior to 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

Vulnerable Products

fasterxml jackson-databind
oracle weblogic server 12.2.1.3.0
oracle commerce platform 11.3.1
oracle utilities framework 4.3.0.5.0
oracle utilities framework 4.3.0.6.0
oracle utilities framework 4.4.0.0.0
oracle weblogic server 12.2.1.4.0
oracle peoplesoft enterprise peopletools 8.58
oracle primavera unifier 19.12
oracle sd-wan edge 9.0
oracle weblogic server 14.1.1.0.0
oracle coherence 14.1.1.0.0
oracle utilities framework 4.4.0.2.0
oracle global lifecycle management nextgen oui framework 13.9.4.2.2
oracle primavera unifier 20.12
oracle peoplesoft enterprise peopletools 8.59
oracle primavera gateway
oracle utilities framework 4.4.0.3.0
oracle sd-wan edge 9.1
oracle commerce platform 11.3.0
oracle commerce platform 11.3.2
oracle primavera unifier 21.12
oracle financial services trade-based anti money laundering 8.0.7
oracle financial services trade-based anti money laundering 8.0.8
oracle financial services behavior detection platform 8.0.8
oracle big data spatial and graph
oracle financial services enterprise case management 8.0.8.1
oracle financial services enterprise case management 8.0.7.1
oracle financial services enterprise case management 8.0.8.0
oracle communications cloud native core console 1.9.0
oracle communications cloud native core network slice selection function 22.1.0
oracle financial services analytical applications infrastructure 8.1.2.0
oracle financial services analytical applications infrastructure 8.1.1.0
oracle financial services enterprise case management 8.0.7.2
oracle communications billing and revenue management
oracle communications cloud native core binding support function 22.1.3
oracle financial services crime and compliance management studio 8.0.8.2.0
oracle financial services crime and compliance management studio 8.0.8.3.0
oracle communications cloud native core network repository function 22.2.0
oracle communications cloud native core security edge protection proxy 22.1.1
oracle communications cloud native core network repository function 22.1.2
oracle communications cloud native core unified data repository 22.2.0
oracle utilities framework 4.4.0.5.0
oracle global lifecycle management nextgen oui framework
oracle financial services analytical applications infrastructure 8.1.2.1
oracle financial services enterprise case management
oracle retail sales audit 15.0.3.1
oracle health sciences empirica signal 9.1.0.5.2
oracle spatial studio
oracle primavera unifier 18.0
oracle financial services behavior detection platform 8.0.7.0.0
oracle financial services behavior detection platform
oracle primavera p6 enterprise project portfolio management
oracle primavera unifier
oracle financial services analytical applications infrastructure
oracle communications cloud native core service communication proxy 22.2.0
oracle communications cloud native core network slice selection function 22.1.1
oracle global lifecycle management opatch
oracle graph server and client
debian debian linux 9.0
debian debian linux 10.0
debian debian linux 11.0
netapp snap creator framework
netapp oncommand workflow automation
netapp oncommand insight
netapp active iq unified manager
netapp cloud insights acquisition unit

Vendor Advisories

Debian Bug report logs - #1007109 jackson-databind: CVE-2020-36518 - denial of service via a large depth of nested objects. Package: src:jackson-databind; Maintainer for src:jackson-databind is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Neil Williams <codehelp@debian.org>; Date: ...
Several flaws were discovered in jackson-databind, a fast and powerful JSON library for Java. CVE-2020-36518: Java StackOverflow exception and denial of service via a large depth of nested objects. CVE-2022-42003: In FasterXML jackson-databind, resource exhaustion can occur because of a lack of a check in primitive value deserializers ...
Synopsis: Moderate: Red Hat Single Sign-On 7.5.3 security update on RHEL 7. Type/Severity: Security Advisory: Moderate. Topic: New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 7. Red Hat P ...
Synopsis: Moderate: Red Hat Integration Camel-K 1.8 security update. Type/Severity: Security Advisory: Moderate. Topic: A minor version update is now available for Red Hat Integration Camel K. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as havi ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring S ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat JBoss Enterprise Application P ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat JBoss Enterprise Application P ...
Synopsis: Moderate: Red Hat build of Eclipse Vert.x 4.2.7 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a d ...
Synopsis: Moderate: Red Hat Single Sign-On 7.6.1 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis: Moderate: Red Hat Single Sign-On 7.5.3 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis: Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 9. Type/Severity: Security Advisory: Moderate. Topic: New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9. Red Hat P ...
Synopsis: Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 8. Type/Severity: Security Advisory: Moderate. Topic: New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8. Red Hat P ...
Synopsis: Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 7. Type/Severity: Security Advisory: Moderate. Topic: New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7. Red Hat P ...
Synopsis: Important: Red Hat AMQ Broker 7.10.0 release and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat AMQ Broker 7.10.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Important: Red Hat AMQ Streams 2.2.0 release and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat AMQ Streams 2.2.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Moderate: jackson security update. Type/Severity: Security Advisory: Moderate. Topic: An update for jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base is now availab ...
Synopsis: Moderate: Red Hat OpenShift (Logging Subsystem) security update. Type/Severity: Security Advisory: Moderate. Topic: An update for Logging Subsystem (5.6.0) is now available for Red Hat OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update. Type/Severity: Security Advisory: Moderate. Topic: Logging Subsystem 5.5.5 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Synopsis: Moderate: Red Hat Single Sign-On 7.5.3 security update on RHEL 8. Type/Severity: Security Advisory: Moderate. Topic: New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 8. Red Hat P ...
Synopsis: Important: Red Hat Process Automation Manager 7.13.1 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives ...
Synopsis: Important: Red Hat AMQ Streams 2.4.0 release and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Moderate: Red Hat Data Grid 8.3.1 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ...
Synopsis: Moderate: Logging Subsystem 5.4.8 - Red Hat OpenShift security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Logging subsystem for Red Hat OpenShift 5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Moderate: Red Hat build of Quarkus 2.7.6 release and security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...
Synopsis: Moderate: Openshift Logging 5.3.14 bug fix release and security update. Type/Severity: Security Advisory: Moderate. Topic: Openshift Logging Bug Fix Release (5.3.14). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Synopsis: Important: Red Hat Fuse 7.11.0 release and security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update ...
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects ...
A vulnerability (CVE-2020-36518) exists in Cosminexus Component Container. Affected products and versions are listed below. Please upgrade your version to the appropriate version. These vulnerabilities exist in Cosminexus Component Container, which is a component product of other Hitachi products. For details about the fixed version about Cosminex ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services: CVE-2020-36518, CVE-2021-43797, CVE-2022-0839, CVE-2022-22968. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services: CVE-2020-8908, CVE-2020-14326, CVE-2020-25633, CVE-2020-36518, CVE-2021-20289, CVE-2021-21290, CVE-2021-46877, CVE-2022-3782, CVE-2022-4147, CVE-2022-40151, CVE-2022-40152, CVE-2022-41915, CVE-2022-41946, CVE-2022-41966, CVE-2023-0091, CVE-2023-1370, CVE-2023-28708 ...
A DoS vulnerability (CVE-2020-36518) has been found in Hitachi Automation Director and Hitachi Ops Center Automator. Affected products and versions are listed below. Please upgrade your version to the appropriate version. To find fixed products, find the same number following the product name in [Affected products] and [Fixed products] ...
A vulnerability (CVE-2020-36518) exists in Hitachi Command Suite, Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. Affected products and versions are listed below. Please upgrade your version to the appropriate version. The product name in Hitachi Command Suite is changed in Hitachi Ops Center series o ...

GitHub Repositories

Reproduction of CVE-2020-36518 in Spring Boot 2.5.10

Reproduction of CVE-2020-36518 in Spring Boot 2.5.10. Execute: ./mvnw clean verify. It will fail with: [ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.0.0:check (default) on project jackson-demo: [ERROR] [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to ...

Kafka sink for Kusto

Azure Data Explorer Kafka Connect Kusto Sink Connector. This repository contains the source code of the Kafka Connect Kusto sink connector. "Kusto" is the Microsoft internal project code name for Azure Data Explorer, Microsoft Azure's big data analytical database PaaS offering. Topics covered ...

JSON appender for Timbre

timbre-json-appender: A structured log appender for Timbre using jsonista. Makes extracting data from logs easier in, for example, AWS CloudWatch Logs and GCP Stackdriver Logging. A Timbre log invocation maps to JSON messages the following way: (timbre/error (IllegalStateException "Not logged in") "Action failure" :user-id 1) => {"timestamp" ...

Flickr API wrapper written in Java.

Jinx - Flickr API for Java. Jinx is a Java interface to the Flickr API. The project goals are: simple and straightforward to use; complete coverage of the Flickr API; minimal library requirements. Using Jinx: First, go to developer.flickr.com and familiarize yourself with the Flickr API. The package net.jeremybrooks.jinx.api contains a class for each section of the Flickr API. Eac ...