← Back

Jackson Databind

jackson-databind

Vendor: Fasterxml • 70 CVEs

CVEs (70)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-35490
4Debian
FasterxmlNetapp+1 more
25Agile Plm
Application Testing SuiteAutovue For Agile Product Lifecycle Management+22 more
Nov 21, 2024
Dec 17, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-25649
6Apache
FasterxmlFedoraproject+3 more
39Agile Plm
Agile Product Lifecycle Management Integration PackBanking Apis+36 more
Nov 21, 2024
Dec 3, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is...Show more
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.Show less
CVE-2020-24750
3Debian
FasterxmlOracle
26Agile Plm
Application Testing SuiteAutovue For Agile Product Lifecycle Management+23 more
Nov 21, 2024
Sep 17, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CVE-2020-24616
4Debian
FasterxmlNetapp+1 more
25Active Iq Unified Manager
Agile PlmApplication Testing Suite+22 more
Nov 21, 2024
Aug 25, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CVE-2020-14195
4Debian
FasterxmlNetapp+1 more
14Active Iq Unified Manager
Agile PlmBanking Digital Experience+11 more
Nov 21, 2024
Jun 16, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
CVE-2020-14060
3Fasterxml
NetappOracle
12Active Iq Unified Manager
Agile PlmBanking Digital Experience+9 more
Apr 29, 2026
Jun 14, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
CVE-2020-14062
4Debian
FasterxmlNetapp+1 more
13Active Iq Unified Manager
Agile PlmBanking Digital Experience+10 more
Apr 29, 2026
Jun 14, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
CVE-2020-14061
4Debian
FasterxmlNetapp+1 more
15Active Iq Unified Manager
Agile PlmAutovue For Agile Product Lifecycle Management+12 more
Aug 27, 2025
Jun 14, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms....Show more
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).Show less
CVE-2020-11620
4Debian
FasterxmlNetapp+1 more
18Active Iq Unified Manager
Banking PlatformCommunications Contacts Server+15 more
Nov 21, 2024
Apr 7, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
CVE-2020-11619
4Debian
FasterxmlNetapp+1 more
21Active Iq Unified Manager
Agile PlmBanking Platform+18 more
Apr 29, 2026
Apr 7, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CVE-2020-11113
4Debian
FasterxmlNetapp+1 more
32Agile Plm
Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+29 more
Apr 29, 2026
Mar 31, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVE-2020-11112
4Debian
FasterxmlNetapp+1 more
31Agile Plm
Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more
Apr 29, 2026
Mar 31, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CVE-2020-11111
4Debian
FasterxmlNetapp+1 more
25Agile Plm
Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+22 more
Nov 21, 2024
Mar 31, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms)...Show more
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).Show less
CVE-2020-10969
4Debian
FasterxmlNetapp+1 more
31Agile Plm
Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more
Nov 21, 2024
Mar 26, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CVE-2020-10968
4Debian
FasterxmlNetapp+1 more
31Agile Plm
Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more
Nov 21, 2024
Mar 26, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CVE-2020-10673
4Debian
FasterxmlNetapp+1 more
31Agile Plm
Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more
Nov 21, 2024
Mar 18, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
CVE-2020-10672
4Debian
FasterxmlNetapp+1 more
31Agile Plm
Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more
Nov 21, 2024
Mar 18, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jm...Show more
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).Show less
CVE-2019-14893
3Fasterxml
NetappOracle
4Goldengate Stream Analytics
Jackson DatabindOncommand Api Services+1 more
Nov 21, 2024
Mar 2, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction wi...Show more
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.Show less
CVE-2019-14892
3Apache
FasterxmlRedhat
8Decision Manager
GeodeJackson Databind+5 more
Nov 21, 2024
Mar 2, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An atta...Show more
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.Show less
CVE-2020-9548
4Debian
FasterxmlNetapp+1 more
25Active Iq Unified Manager
Agile PlmAutovue For Agile Product Lifecycle Management+22 more
Nov 21, 2024
Mar 2, 2020
N/A· v4
9.8 CRITICAL· v3
6.8 MEDIUM· v2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).