Vulnerabilities (CVE)

Vendor filter: Fasterxml

Product filter: Jackson

5 total CVE
CVE | Vendors | Products | Updated | CVSS

CVE-2016-7051 | 1 Fasterxml | 2 Jackson, Jackson-dataformat-xml | 2019-10-10 | 5.0
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.

CVE-2016-3720 | 2 Fasterxml, Fedoraproject | 3 Jackson, Fedora, Jackson-dataformat-xml | 2019-10-10 | 7.5
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

CVE-2017-7525 | 3 Fasterxml, Debian, Redhat | 6 Jackson-databind, Debian Linux, Jackson and 3 more | 2019-09-27 | 7.5
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the...

CVE-2017-17485 | 3 Fasterxml, Debian, Redhat | 7 Jackson-databind, Jackson, Debian Linux and 4 more | 2019-09-27 | 7.5
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input...

CVE-2017-15095 | 3 Fasterxml, Debian, Redhat | 4 Jackson-databind, Debian Linux, Jackson and 1 more | 2019-09-27 | 7.5
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the...