FasterXML 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk ssrf、パス処理の欠陥、vendor risk input validation, and バッファオーバーフロー があり、vendor surface production workloads and vendor surface software deployment の利用場面で アプリケーションクラッシュ、vendor impact unexpected behavior, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2020-36184 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. | [email protected] | 8.1 | 10.38% | 2021-01-06 | 2026-06-16 |
| CVE-2020-36181 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. | [email protected] | 8.1 | 5.02% | 2021-01-06 | 2026-06-16 |
| CVE-2020-35728 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). | [email protected] | 8.1 | 12.50% | 2020-12-27 | 2026-06-16 |
| CVE-2020-35491 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. | [email protected] | 8.1 | 9.48% | 2020-12-17 | 2026-06-16 |
| CVE-2020-35490 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. | [email protected] | 8.1 | 7.69% | 2020-12-17 | 2026-06-16 |
| CVE-2020-25649 | A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. | [email protected] | 7.5 | 17.61% | 2020-12-03 | 2026-06-16 |
| CVE-2020-24750 | FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. | [email protected] | 8.1 | 7.27% | 2020-09-17 | 2026-06-16 |
| CVE-2020-24616 | FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). | [email protected] | 8.1 | 9.35% | 2020-08-25 | 2026-06-16 |
| CVE-2020-14195 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | [email protected] | 8.1 | 4.51% | 2020-06-16 | 2026-06-16 |
| CVE-2020-14060 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). | [email protected] | 8.1 | 8.61% | 2020-06-14 | 2026-06-16 |
| CVE-2020-14062 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). | [email protected] | 8.1 | 8.07% | 2020-06-14 | 2026-06-16 |
| CVE-2020-14061 | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). | [email protected] | 8.1 | 4.42% | 2020-06-14 | 2026-06-16 |
| CVE-2020-11620 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). | [email protected] | 8.1 | 5.59% | 2020-04-07 | 2026-06-16 |
| CVE-2020-11619 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). | [email protected] | 8.1 | 3.58% | 2020-04-07 | 2026-06-16 |
| CVE-2020-11113 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). | [email protected] | 8.8 | 6.28% | 2020-03-31 | 2026-06-16 |
| CVE-2020-11112 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). | [email protected] | 8.8 | 3.55% | 2020-03-31 | 2026-06-16 |
| CVE-2020-11111 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). | [email protected] | 8.8 | 3.49% | 2020-03-31 | 2026-06-16 |
| CVE-2020-10969 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. | [email protected] | 8.8 | 3.47% | 2020-03-26 | 2026-06-16 |
| CVE-2020-10968 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). | [email protected] | 8.8 | 3.54% | 2020-03-26 | 2026-06-16 |
| CVE-2020-10673 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). | [email protected] | 8.8 | 7.96% | 2020-03-18 | 2026-06-16 |