Lucene search
Veracode Vulnerability DatabaseVERACODE:34668HistoryMar 14, 2022 - 9:02 a.m.
Denial Of Service (DoS)
2022-03-1409:02:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
57
0.002 Low
EPSS
Percentile
60.1%
com.fasterxml.jackson.core:jackson-databind is vulnerable to denial of service. A malicious user is able to cause a StackOverflow exception using a large depth of nested objects resulting in a denial of service conditions.
References
github.com/advisories/GHSA-57j2-w4cx-62h2
github.com/FasterXML/jackson-databind/issues/2816
github.com/FasterXML/jackson/wiki/Jackson-Release-2.12
github.com/FasterXML/jackson/wiki/Jackson-Release-2.13
lists.debian.org/debian-lts-announce/2022/05/msg00001.html
lists.debian.org/debian-lts-announce/2022/11/msg00035.html
security.netapp.com/advisory/ntap-20220506-0004/
www.debian.org/security/2022/dsa-5283
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujul2022.html
Related
ibm
ibm
wolfi
wolfi
CVE-2020-36518 vulnerabilities
2024-05-29 03:07:31
osv
osv
Moderate: pki-core:10.6 and pki-deps:10.6 security update
2024-06-14 13:59:30
jackson-databind - security update
2022-05-02 00:00:00
Moderate: pki-core:10.6 and pki-deps:10.6 security update
2024-05-22 00:00:00
cve
cve
CVE-2020-36518
2022-03-11 07:15:07
debian
debian
[SECURITY] [DLA 2990-1] jackson-databind security update
2022-05-02 18:33:27
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
redhat
redhat
(RHSA-2022:5596) Moderate: Red Hat build of Quarkus 2.7.6 release and security update
2022-07-19 11:26:48
(RHSA-2024:3061) Moderate: pki-core:10.6 and pki-deps:10.6 security update
2024-05-22 06:35:29
(RHSA-2023:2312) Moderate: jackson security update
2023-05-09 05:07:11
ubuntucve
ubuntucve
CVE-2020-36518
2022-03-11 00:00:00
nessus
nessus
Oracle Primavera P6 Enterprise Project Portfolio Management (Jul 2022 CPU)
2022-10-05 00:00:00
FreeBSD : kafka -- Denial Of Service vulnerability (01823528-a4c1-11ed-b6af-b42e991fc52e)
2023-02-04 00:00:00
Oracle Linux 9 : jackson (ELSA-2023-2312)
2023-05-15 00:00:00
atlassian
atlassian
Bump jackson-databind dependency to 2.13.4.2
2023-01-12 09:57:47
jackson-databind Vulnerability in Bamboo Data Center and Server
2023-10-06 17:44:47
openvas
openvas
Debian: Security Advisory (DLA-2990-1)
2022-05-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1678-1)
2022-05-17 00:00:00
Debian: Security Advisory (DLA-3207-1)
2022-11-28 00:00:00
redhatcve
redhatcve
CVE-2020-36518
2022-03-16 11:47:03
freebsd
freebsd
kafka -- Denial Of Service vulnerability
2022-03-11 00:00:00
prion
prion
Design/Logic Flaw
2022-03-11 07:15:00
oraclelinux
oraclelinux
pki-core:10.6 and pki-deps:10.6 security update
2024-05-24 00:00:00
jackson security update
2023-05-15 00:00:00
rocky
rocky
pki-core:10.6 and pki-deps:10.6 security update
2024-06-14 13:59:30
github
github
Deeply nested json in jackson-databind
2022-03-12 00:00:36
Apiman Manager API affected by Jackson denial of service vulnerability
2023-01-09 20:05:31
almalinux
almalinux
Moderate: jackson security update
2023-05-09 00:00:00
Moderate: pki-core:10.6 and pki-deps:10.6 security update
2024-05-22 00:00:00
cvelist
cvelist
CVE-2020-36518
2022-03-11 00:00:00
debiancve
debiancve
CVE-2020-36518
2022-03-11 07:15:07
cgr
cgr
CVE-2020-36518 vulnerabilities
2024-05-19 03:07:16
nvd
nvd
CVE-2020-36518
2022-03-11 07:15:07
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
suse
suse
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00