Search Results
- Results Type: Overview
- Search Type: Search All
- CPE Vendor: cpe:/:fasterxml
- CPE Product: cpe:/:fasterxml:jackson-databind
- CPE Product Version: cpe:/:fasterxml:jackson-databind:2.10.0.pr3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-35116 | jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. Published: June 14, 2023; 10:15:10 AM -0400 | V3.1: 4.7 MEDIUM V2.0: (not available) |
CVE-2021-46877 | jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. Published: March 18, 2023; 6:15:11 PM -0400 | V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2022-42004 | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. Published: October 02, 2022; 1:15:09 AM -0400 | V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2022-42003 | In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Published: October 02, 2022; 1:15:09 AM -0400 | V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2020-36518 | jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. Published: March 11, 2022; 2:15:07 AM -0500 | V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-25649 | A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. Published: December 03, 2020; 12:15:12 PM -0500 | V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |