Jackson-databind@2.9.0 Security Vulnerabilities and Issues — Jackson-databind@2.9.0 CVE List

Lucene search

FasterxmlJackson-databind2.9.0

2 matches found

CVE•added 2019/01/02 6:29 p.m.•368 views

CVE-2018-14721

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

10CVSS9.4AI score0.09895EPSS

CVE•added 2019/01/02 6:29 p.m.•313 views

CVE-2018-14720

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

9.8CVSS9.4AI score0.0341EPSS