2.9.0

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-23	CVE-2021-21346	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle CWE-434 critical	9.8
2021-03-23	CVE-2021-21345	OS Command Injection vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle CWE-78 critical	9.9
2021-03-23	CVE-2021-21344	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle CWE-434 critical	9.8
2021-03-23	CVE-2021-21343	External Control of File Name or Path vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle CWE-73	7.5
2021-03-23	CVE-2021-21342	Deserialization of Untrusted Data vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle CWE-502 critical	9.1
2021-03-23	CVE-2021-21341	Deserialization of Untrusted Data vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle CWE-502	7.5
2021-01-06	CVE-2020-36189	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. network high complexity fasterxml netapp debian oracle CWE-502	8.1
2020-12-17	CVE-2020-35491	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. network fasterxml netapp debian oracle CWE-502	6.8
2020-12-17	CVE-2020-35490	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. network fasterxml netapp debian oracle CWE-502	6.8
2020-12-03	CVE-2020-25649	XXE vulnerability in multiple products A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. network low complexity fasterxml netapp fedoraproject quarkus apache oracle CWE-611	7.5