CPE-29D48F0C-1717-42EC-AD50-66E972F412B6 Detail

CPE Details

FasterXML Jackson-databind 2.8.11.5

Vendor

fasterxml

Product

jackson-databind

Version

2.8.11.5

Created

2020-03-03
16h30 +00:00

Modified

2023-09-12
18h28 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:fasterxml:jackson-databind:2.8.11.5:::::::*

Informations

Vendor

fasterxml

Product

jackson-databind

Version

2.8.11.5

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-35116	2023-06-13 22h00 +00:00	jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.	4.7	Medium
CVE-2020-10650	2022-12-26 00h00 +00:00	A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.	8.1	High
CVE-2022-42003	2022-10-01 22h00 +00:00	In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.	7.5	High
CVE-2022-42004	2022-10-01 22h00 +00:00	In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.	7.5	High
CVE-2020-36518	2022-03-10 23h00 +00:00	jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.	7.5	High
CVE-2021-20190	2021-01-19 15h27 +00:00	A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	8.1	High
CVE-2020-36179	2021-01-06 21h30 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.	8.8	High
CVE-2020-36180	2021-01-06 21h30 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.	8.8	High
CVE-2020-36182	2021-01-06 21h30 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.	8.8	High
CVE-2020-36183	2021-01-06 21h30 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.	8.1	High
CVE-2020-36184	2021-01-06 21h30 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.	8.8	High
CVE-2020-36185	2021-01-06 21h29 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.	8.1	High
CVE-2020-36186	2021-01-06 21h29 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.	8.1	High
CVE-2020-36187	2021-01-06 21h29 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.	8.1	High
CVE-2020-36188	2021-01-06 21h29 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.	8.1	High
CVE-2020-36189	2021-01-06 21h29 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.	8.1	High
CVE-2020-36181	2021-01-06 21h29 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.	8.8	High
CVE-2020-35490	2020-12-17 17h43 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.	8.1	High
CVE-2020-35491	2020-12-17 17h43 +00:00	FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.	8.1	High
CVE-2020-24750	2020-09-17 16h39 +00:00	FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.	8.1	High
CVE-2020-24616	2020-08-25 15h04 +00:00	FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).	8.1	High
CVE-2020-10969	2020-03-26 11h43 +00:00	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.	8.8	High
CVE-2020-9546	2020-03-02 02h59 +00:00	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).	9.8	Critical
CVE-2020-9547	2020-03-02 02h59 +00:00	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).	9.8	Critical
CVE-2020-9548	2020-03-02 02h58 +00:00	FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).	9.8	Critical

FasterXML Jackson-databind 2.8.11.5

CPE Details

CPE Name: cpe:2.3:a:fasterxml:jackson-databind:2.8.11.5:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:fasterxml:jackson-databind:2.8.11.5:::::::*