Vulnerabilities > Fasterxml > Jackson Databind > 2.6.7.5

DATE CVE VULNERABILITY TITLE RISK
2023-06-14 CVE-2023-35116 Allocation of Resources Without Limits or Throttling vulnerability in Fasterxml Jackson-Databind
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies.
local
high complexity
fasterxml CWE-770
4.7
4.7
2022-12-26 CVE-2020-10650 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in jackson-databind through 2.9.10.4.
network
high complexity
fasterxml oracle CWE-502
8.1
8.1
2022-10-02 CVE-2022-42003 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
7.5
2022-10-02 CVE-2022-42004 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
7.5
2022-03-11 CVE-2020-36518 Out-of-bounds Write vulnerability in multiple products
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
network
low complexity
fasterxml oracle debian netapp CWE-787
7.5
7.5
2020-12-17 CVE-2020-35491 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2020-12-17 CVE-2020-35490 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2020-08-25 CVE-2020-24616 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
network
high complexity
fasterxml netapp oracle debian CWE-502
8.1
8.1
2020-03-02 CVE-2020-9548 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
network
low complexity
fasterxml netapp debian oracle CWE-502
critical
 9.8
9.8
2020-03-02 CVE-2020-9547 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
network
low complexity
fasterxml netapp debian oracle CWE-502
critical
 9.8
9.8