Vulnerabilities > Fasterxml > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2018-12022 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. | 7.5 |
| 2018-01-22 | CVE-2018-5968 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. | 8.1 |
| 2016-06-10 | CVE-2016-3720 | XML External Entity Injection vulnerability in FasterXML Jackson XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors. | 7.5 |