Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc1:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-14721 |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. Published: January 02, 2019; 1:29:00 PM -0500 |
V3.0: 10.0 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-14720 |
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. Published: January 02, 2019; 1:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |