High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-08	CVE-2023-3894	Out-of-bounds Write vulnerability in Fasterxml Jackson-Dataformats-Text Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). network low complexity fasterxml CWE-787	7.5
2023-03-18	CVE-2021-46877	Allocation of Resources Without Limits or Throttling vulnerability in Fasterxml Jackson-Databind jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. network low complexity fasterxml CWE-770	7.5
2022-12-26	CVE-2020-10650	Deserialization of Untrusted Data vulnerability in multiple products A deserialization flaw was discovered in jackson-databind through 2.9.10.4. network high complexity fasterxml oracle CWE-502	8.1
2022-10-02	CVE-2022-42003	Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. network low complexity fasterxml quarkus debian netapp CWE-502	7.5
2022-10-02	CVE-2022-42004	Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. network low complexity fasterxml quarkus debian netapp CWE-502	7.5
2022-09-16	CVE-2022-40152	Out-of-bounds Write vulnerability in multiple products Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. network low complexity xstream-project fasterxml CWE-787	7.5
2022-03-11	CVE-2020-36518	Out-of-bounds Write vulnerability in multiple products jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. network low complexity fasterxml oracle debian netapp CWE-787	7.5
2021-02-18	CVE-2020-28491	Allocation of Resources Without Limits or Throttling vulnerability in multiple products This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. network low complexity fasterxml quarkus oracle CWE-770	7.5
2021-01-19	CVE-2021-20190	Deserialization of Untrusted Data vulnerability in multiple products A flaw was found in jackson-databind before 2.9.10.7. network high complexity fasterxml netapp apache debian oracle CWE-502	8.1
2021-01-07	CVE-2020-36183	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. network high complexity fasterxml netapp debian oracle CWE-502	8.1