Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-4813-1
HistoryMar 15, 2021 - 9:47 p.m.

jackson-databind vulnerabilities

2021-03-1521:47:52
Google
osv.dev
11

AI Score

7.6

Confidence

Low

EPSS

0.533

Percentile

97.6%

JSON

It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2018-11307, CVE-2019-12086, CVE-2019-12814)

It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to execute
arbitrary code or other unspecified impact. (CVE-2018-12022,
CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360,
CVE-2018-19361, CVE-2018-19362, CVE-2019-12384, CVE-2019-14379,
CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942,
CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330,
CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969,
CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,
CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062,
CVE-2020-14195, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548)

It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to execute XML
entity (XXE) attacks. (CVE-2018-14720)

It was discovered that Jackson Databind incorrectly handled
deserialization. An attacker could possibly use this issue to execute
server-side request forgery (SSRF). (CVE-2018-14721)

References

Related

ubuntu 1
nessus 22
openvas 47
ibm 49
mageia 1
rocky 1
debian 7
osv 9
redhat 18
fedora 39
cloudfoundry 1
almalinux 1
freebsd 1
oraclelinux 1
symantec 1
ubuntu
ubuntu
Jackson Databind vulnerabilities
2021-03-15 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : Jackson Databind vulnerabilities (USN-4813-1)
2023-10-20 00:00:00
RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2020:1644)
2020-04-28 00:00:00
CentOS 8 : pki-core:10.6 and pki-deps:10.6 (CESA-2020:1644)
2021-02-01 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4813-1)
2023-01-27 00:00:00
Mageia: Security Advisory (MGASA-2021-0153)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4452-1)
2019-05-26 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities in Jackson-databind Affect IBM Sterling B2B Integrator
2020-07-24 17:07:55
Security Bulletin: Multiple vulnerabilities in FasterXML jackson-databind affect Apache Solr shipped with IBM Operations Analytics - Log Analysis
2021-04-16 15:32:23
Security Bulletin: IBM Security Guardium Insights is affected by Components with known vulnerabilities
2021-10-06 12:30:35
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2021-03-27 17:27:02
rocky
rocky
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-04-28 09:00:20
debian
debian
[SECURITY] [DSA 4452-1] jackson-databind security update
2019-05-24 21:04:55
[SECURITY] [DLA 1703-1] jackson-databind security update
2019-03-04 12:13:19
[SECURITY] [DLA 2179-1] jackson-databind security update
2020-04-17 23:51:40
osv
osv
jackson-databind - security update
2019-05-24 00:00:00
jackson-databind - security update
2019-03-04 00:00:00
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-04-28 09:00:20
redhat
redhat
(RHSA-2019:0782) Important: rh-maven35-jackson-databind security update
2019-04-17 20:45:27
(RHSA-2020:1644) Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-04-28 09:00:20
(RHSA-2019:3002) Important: Red Hat FIS 2.0 on Fuse 6.3.0 R13 security and bug fix update
2019-10-10 12:48:05
fedora
fedora
[SECURITY] Fedora 29 Update: jackson-databind-2.9.9.3-1.fc29
2019-09-22 03:20:24
[SECURITY] Fedora 29 Update: jackson-datatype-joda-2.9.8-1.fc29
2019-02-19 14:03:53
[SECURITY] Fedora 29 Update: jackson-dataformat-xml-2.9.8-1.fc29
2019-02-19 14:03:53
cloudfoundry
cloudfoundry
Various CVEs: UAA consumes vulnerable versions of FasterXML jackson-databind | Cloud Foundry
2019-11-13 00:00:00
almalinux
almalinux
Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-04-28 09:00:20
freebsd
freebsd
puppetdb -- Multiple vulnerabilities
2020-07-23 00:00:00
oraclelinux
oraclelinux
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
2020-05-05 00:00:00
symantec
symantec
FasterXML Jackson-databind CVE-2019-14540 Information Disclosure Vulnerability
2020-01-14 00:00:00

AI Score

7.6

Confidence

Low

EPSS

0.533

Percentile

97.6%

JSON
Related for OSV:USN-4813-1
ubuntu1nessus22openvas47ibm49mageia1rocky1debian7osv9redhat18fedora39cloudfoundry1almalinux1freebsd1oraclelinux1symantec1