Fasterxml

Jackson-databind

71 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-9548

  • EPSS 70.37%
  • Published 02.03.2020 04:15:11
  • Last modified 21.11.2024 05:40:50

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).

9.8

CVE-2020-9547

  • EPSS 53.63%
  • Published 02.03.2020 04:15:11
  • Last modified 21.11.2024 05:40:50

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).

9.8

CVE-2020-9546

  • EPSS 2.33%
  • Published 02.03.2020 04:15:10
  • Last modified 21.11.2024 05:40:50

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).

9.8

CVE-2020-8840

  • EPSS 8.16%
  • Published 10.02.2020 21:56:10
  • Last modified 21.11.2024 05:39:32

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

9.8

CVE-2019-20330

  • EPSS 2%
  • Published 03.01.2020 04:15:12
  • Last modified 21.11.2024 04:38:16

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

9.8

CVE-2019-17531

  • EPSS 1.19%
  • Published 12.10.2019 21:15:08
  • Last modified 21.11.2024 04:32:27

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext...

9.8

CVE-2019-17267

  • EPSS 1.36%
  • Published 07.10.2019 00:15:10
  • Last modified 21.11.2024 04:31:59

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

9.8

CVE-2019-16943

  • EPSS 1.84%
  • Published 01.10.2019 17:15:10
  • Last modified 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja...

9.8

CVE-2019-16942

  • EPSS 0.44%
  • Published 01.10.2019 17:15:10
  • Last modified 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1....

9.8

CVE-2019-16335

  • EPSS 0.74%
  • Published 15.09.2019 22:15:10
  • Last modified 21.11.2024 04:30:32

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.