fasterxml jackson-databind CVE Vulnerabilities (78)

CVEs: 78 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting fasterxml jackson-databind (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 2140 of 78 CVEs
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2020-36188 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. [email protected] 8.1 10.91% 2021-01-06 2026-06-16
CVE-2020-36187 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. [email protected] 8.1 5.20% 2021-01-06 2026-06-16
CVE-2020-36186 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. [email protected] 8.1 5.22% 2021-01-06 2026-06-16
CVE-2020-36185 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. [email protected] 8.1 5.22% 2021-01-06 2026-06-16
CVE-2020-36184 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. [email protected] 8.1 10.38% 2021-01-06 2026-06-16
CVE-2020-36181 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. [email protected] 8.1 5.02% 2021-01-06 2026-06-16
CVE-2020-35728 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). [email protected] 8.1 12.50% 2020-12-27 2026-06-16
CVE-2020-35491 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. [email protected] 8.1 9.48% 2020-12-17 2026-06-16
CVE-2020-35490 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. [email protected] 8.1 7.69% 2020-12-17 2026-06-16
CVE-2020-25649 A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. [email protected] 7.5 17.61% 2020-12-03 2026-06-16
CVE-2020-24750 FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. [email protected] 8.1 7.27% 2020-09-17 2026-06-16
CVE-2020-24616 FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). [email protected] 8.1 9.35% 2020-08-25 2026-06-16
CVE-2020-14195 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). [email protected] 8.1 4.51% 2020-06-16 2026-06-16
CVE-2020-14060 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). [email protected] 8.1 8.61% 2020-06-14 2026-06-16
CVE-2020-14062 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). [email protected] 8.1 8.07% 2020-06-14 2026-06-16
CVE-2020-14061 FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). [email protected] 8.1 4.42% 2020-06-14 2026-06-16
CVE-2020-11620 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). [email protected] 8.1 5.59% 2020-04-07 2026-06-16
CVE-2020-11619 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). [email protected] 8.1 3.58% 2020-04-07 2026-06-16
CVE-2020-11113 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). [email protected] 8.8 6.28% 2020-03-31 2026-06-16
CVE-2020-11112 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). [email protected] 8.8 3.55% 2020-03-31 2026-06-16
cvelogic Threat Intelligence