Max CVSS 7.5 Min CVSS 6.8 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-10673 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
13-09-2023 - 14:56 18-03-2020 - 22:15
CVE-2019-16943 6.8
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja
13-09-2023 - 14:55 01-10-2019 - 17:15
CVE-2019-16335 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
13-09-2023 - 14:55 15-09-2019 - 22:15
CVE-2019-14540 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
13-09-2023 - 14:54 15-09-2019 - 22:15
CVE-2019-17531 6.8
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext
13-09-2023 - 14:53 12-10-2019 - 21:15
CVE-2019-16942 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.
08-06-2023 - 18:00 01-10-2019 - 17:15
CVE-2020-10672 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
07-12-2021 - 19:44 18-03-2020 - 22:15
Back to Top Mark selected
Back to Top