fasterxml jackson databind
70 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-35116
< 2.16.0
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object tha
4.7
MEDIUM
CVE-2021-46877
>= 2.10.0 and < 2.12.6
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB
7.5
HIGH
CVE-2020-10650
< 2.9.10.4
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code
8.1
HIGH
CVE-2022-42004
< 2.12.7.1
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deser
7.5
HIGH
CVE-2022-42003
< 2.12.7.1
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check i
7.5
HIGH
CVE-2020-36518
< 2.12.6.1
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
7.5
HIGH
CVE-2021-20190
< 2.6.7.5
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typin
8.1
HIGH
CVE-2020-36183
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36182
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36180
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36179
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oad
8.1
HIGH
CVE-2020-36189
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-36188
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-36187
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36186
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36185
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36184
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-36181
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-35728
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-35491
>= 2.0.0 and < 2.9.10.8
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-35490
>= 2.0.0 and < 2.9.10.8
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-25649
>= 2.6.0 and < 2.6.7.4
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerab
7.5
HIGH
CVE-2020-24750
>= 2.0.0 and < 2.6.7.5
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-24616
>= 2.0.0 and < 2.9.10.6
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.
8.1
HIGH
CVE-2020-14195
>= 2.9.0 and < 2.9.10.5
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-14060
>= 2.0.0 and < 2.9.10.5
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oad
8.1
HIGH
CVE-2020-14062
>= 2.0.0 and < 2.9.10.5
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com
8.1
HIGH
CVE-2020-14061
>= 2.9.0 and < 2.9.10.5
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to ora
8.1
HIGH
CVE-2020-11620
>= 2.9.0 and < 2.9.10.4
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-11619
>= 2.0.0 and < 2.9.10.4
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.1
HIGH
CVE-2020-11113
>= 2.0.0 and < 2.9.10.4
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8
HIGH
CVE-2020-11112
>= 2.0.0 and < 2.9.10.4
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8
HIGH
CVE-2020-11111
>= 2.9.0 and < 2.9.10.4
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8
HIGH
CVE-2020-10969
>= 2.7.0 and < 2.7.9.7
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to jav
8.8
HIGH
CVE-2020-10968
>= 2.9.0 and < 2.9.10.4
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8
HIGH
CVE-2020-10673
>= 2.0.0 and < 2.6.7.4
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com
8.8
HIGH
CVE-2020-10672
>= 2.9.0 and < 2.9.10.4
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8
HIGH
CVE-2019-14893
>= 2.8.0 and < 2.8.11.5
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic de
9.8
CRITICAL
CVE-2019-14892
>= 2.0.0 and < 2.6.7.3
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deser
9.8
CRITICAL
CVE-2020-9548
>= 2.0.0 and < 2.7.9.7
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.
9.8
CRITICAL
CVE-2020-9547
>= 2.0.0 and < 2.7.9.7
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com
9.8
CRITICAL
CVE-2020-9546
>= 2.0.0 and < 2.7.9.7
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
9.8
CRITICAL
CVE-2020-8840
>= 2.0.0 and < 2.7.9.7
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.p
9.8
CRITICAL
CVE-2019-20330
>= 2.0.0 and < 2.7.9.7
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
9.8
CRITICAL
CVE-2019-17531
>= 2.0.0 and < 2.6.7.3
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8
CRITICAL
CVE-2019-17267
>= 2.0.0 and < 2.8.11.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.E
9.8
CRITICAL
CVE-2019-16943
>= 2.0.0 and < 2.6.7.3
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8
CRITICAL
CVE-2019-16942
>= 2.0.0 and < 2.6.7.3
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8
CRITICAL
CVE-2019-16335
>= 2.0.0 and < 2.6.7.3
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDa
9.8
CRITICAL
CVE-2019-14540
>= 2.0.0 and < 2.6.7.3
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariCo
9.8
CRITICAL
CVE-2019-14439
>= 2.0.0 and < 2.6.7.3
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is ena
7.5
HIGH
CVE-2019-14379
>= 2.0.0 and < 2.6.7.3
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.
9.8
CRITICAL
CVE-2018-11307
>= 2.0.0 and < 2.6.7.3
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class
9.8
CRITICAL
CVE-2019-12384
>= 2.0.0 and < 2.6.7.3
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block th
5.9
MEDIUM
CVE-2019-12814
>= 2.0.0 and < 2.6.7.3
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either
5.9
MEDIUM
CVE-2019-12086
>= 2.0.0 and < 2.6.7.3
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either g
7.5
HIGH
CVE-2018-12023
>= 2.7.0 and < 2.7.9.4
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (eithe
7.5
HIGH
CVE-2018-12022
>= 2.0.0 and < 2.6.7.3
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (eithe
7.5
HIGH
CVE-2018-19362
>= 2.6.0 and <= 2.6.7.2
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jb
9.8
CRITICAL
CVE-2018-19361
>= 2.6.0 and <= 2.6.7.2
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the op
9.8
CRITICAL
CVE-2018-19360
>= 2.6.0 and <= 2.6.7.2
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the ax
9.8
CRITICAL
CVE-2018-14721
>= 2.6.0 and < 2.6.7.2
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by
10.0
CRITICAL
CVE-2018-14720
>= 2.6.0 and < 2.6.7.2
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failu
9.8
CRITICAL
CVE-2018-14719
>= 2.0.0 and < 2.6.7.3
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block
9.8
CRITICAL
CVE-2018-14718
>= 2.0.0 and < 2.6.7.3
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block
9.8
CRITICAL
CVE-2018-7489
< 2.7.9.3
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code executi
9.8
CRITICAL
CVE-2017-7525
< 2.6.7.1
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an un
9.8
CRITICAL
CVE-2017-15095
>= 2.0.0 and < 2.6.7.2
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenti
9.8
CRITICAL
CVE-2018-5968
>= 2.0.0 and < 2.6.7.3
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incom
8.1
HIGH
CVE-2017-17485
< 2.6.7.3
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incom
9.8
CRITICAL
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin