Jackson-databind@* Security Vulnerabilities and Issues — Jackson-databind@* CVE List

Lucene search

FasterxmlJackson-databind*

4 matches found

CVE•added 2022/10/02 5:15 a.m.•710 views

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

7.5CVSS7.5AI score0.00278EPSS

CVE•added 2022/03/11 7:15 a.m.•573 views

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

7.5CVSS7.4AI score0.00477EPSS

CVE•added 2022/10/02 5:15 a.m.•492 views

CVE-2022-42004

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

7.5CVSS7.5AI score0.00219EPSS

CVE•added 2022/12/26 8:15 p.m.•213 views

CVE-2020-10650

A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.J...

8.1CVSS8.1AI score0.05253EPSS