Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

Patch

com.fasterxml.jackson.core:jackson-databind 2.8.0.rc2

Back to all
Package Version

com.fasterxml.jackson.core:jackson-databind 2.8.0.rc2

Github Repository

Package Version Scores

Overall
0
/10
Security
4
Activity
6
Popularity
8
Quality
4
All Factors
Security
Activity
Popularity
Code Quality
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.

Endor Patches

Patch Name
CVEs fixed
Lines of Code Changed
6760e51ddf694caadaf4e1a8
CVEs Fixed
C
26
H
40
+1348
-90

Vulnerabilities Fixed

Cve Name
CVE ID
Severity
XML External Entity Reference (XXE) in jackson-databind
CVE-2018-14720
Critical
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
CVE-2017-17485
Critical
Deserialization of Untrusted Data in jackson-databind
CVE-2018-11307
Critical
Polymorphic Typing in FasterXML jackson-databind
CVE-2019-16942
Critical
Polymorphic Typing issue in FasterXML jackson-databind
CVE-2019-14540
Critical
jackson-databind polymorphic typing issue
CVE-2019-17531
Critical
Deserialization of Untrusted Data in jackson-databind
CVE-2018-19361
Critical
Improper Input Validation in jackson-databind
CVE-2019-17267
Critical
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
CVE-2018-19362
Critical
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-9546
Critical
jackson-databind polymorphic typing issue
CVE-2019-16943
Critical
Arbitrary Code Execution in jackson-databind
CVE-2018-14718
Critical
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-9547
Critical
FasterXML jackson-databind allows unauthenticated remote code execution
CVE-2018-7489
Critical
Server-Side Request Forgery (SSRF) in jackson-databind
CVE-2018-14721
Critical
Deserialization of Untrusted Data in jackson-databind
CVE-2020-8840
Critical
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-9548
Critical
Deserialization of Untrusted Data in jackson-databind
CVE-2019-20330
Critical
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
CVE-2018-19360
Critical
Polymorphic deserialization of malicious object in jackson-databind
CVE-2019-14892
Critical
Polymorphic Typing issue in FasterXML jackson-databind
CVE-2019-16335
Critical
Arbitrary Code Execution in jackson-databind
CVE-2018-14719
Critical
Polymorphic deserialization of malicious object in jackson-databind
CVE-2019-14893
Critical
Deserialization of untrusted data in FasterXML jackson-databind
CVE-2019-14379
Critical
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution
CVE-2017-15095
Critical
jackson-databind is vulnerable to a deserialization flaw
CVE-2017-7525
Critical
jackson-databind vulnerable to unsafe deserialization
CVE-2020-10650
High
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11111
High
Deserialization of Untrusted Data in jackson-databind
CVE-2018-5968
High
Unsafe Deserialization in jackson-databind
CVE-2020-36189
High
Unsafe Deserialization in jackson-databind
CVE-2020-36186
High
Serialization gadgets exploit in jackson-databind
CVE-2020-35490
High
Uncontrolled Resource Consumption in FasterXML jackson-databind
CVE-2022-42004
High
Unsafe Deserialization in jackson-databind
CVE-2020-36181
High
Deserialization of untrusted data in Jackson Databind
CVE-2020-14061
High
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-10672
High
Deserialization of Untrusted Data
CVE-2018-12023
High
Deserialization of untrusted data in jackson-databind
CVE-2021-20190
High
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11619
High
Serialization gadgets exploit in jackson-databind
CVE-2020-35491
High
Deserialization of untrusted data in Jackson Databind
CVE-2020-14060
High
Deserialization of untrusted data in FasterXML jackson-databind
CVE-2019-14439
High
Unsafe Deserialization in jackson-databind
CVE-2020-36179
High
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-10969
High
XML External Entity (XXE) Injection in Jackson Databind
CVE-2020-25649
High
Unsafe Deserialization in jackson-databind
CVE-2020-24750
High
Deserialization of untrusted data in Jackson Databind
CVE-2020-14195
High
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11620
High
jackson-databind Deserialization of Untrusted Data vulnerability
CVE-2018-12022
High
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11113
High
Unsafe Deserialization in jackson-databind
CVE-2020-36180
High
Deeply nested json in jackson-databind
CVE-2020-36518
High
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-10968
High
Unsafe Deserialization in jackson-databind
CVE-2020-36184
High
Code Injection in jackson-databind
CVE-2020-24616
High
Unsafe Deserialization in jackson-databind
CVE-2020-36188
High
Unsafe Deserialization in jackson-databind
CVE-2020-36182
High
Information exposure in FasterXML jackson-databind
CVE-2019-12086
High
Unsafe Deserialization in jackson-databind
CVE-2020-36187
High
Uncontrolled Resource Consumption in Jackson-databind
CVE-2022-42003
High
Unsafe Deserialization in jackson-databind
CVE-2020-36183
High
Serialization gadget exploit in jackson-databind
CVE-2020-35728
High
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-10673
High
Deserialization of untrusted data in Jackson Databind
CVE-2020-14062
High
Unsafe Deserialization in jackson-databind
CVE-2020-36185
High
jackson-databind mishandles the interaction between serialization gadgets and typing
CVE-2020-11112
High

Get the Patch Instantly Without Upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

References

Basic Information

Ecosystem
Release Date
January 23, 2025
LINES OF CODE CHANGED
+1348
-90
-
on latest patch
License
Patch Available

Get the Patch Instantly

Secure your app without upgrading.
Fix Without Upgrading
{
"items": [
{
"title": "First Major Version Milestone Achieved",
"description": "The package has reached version 1.0.0, this is a sign of maturity",
"category": "code quality",
"type": "upscore"
},
{
"title": "Older Versions are Maintained",
"description": "The package keeps creating updates to earlier version trains, this is a sign of a commitment to maintaining and supporting the users of the project",
"category": "activity",
"type": "upscore"
},
{
"title": "Frequent Versions",
"description": "The package has frequent version creation, this is a sign of a commitment to maintaining and supporting the codebase",
"category": "activity",
"type": "upscore"
},
{
"title": "Organization Repository",
"description": "When a repository belongs to an organization there is a lower risk of it getting abandoned in the future",
"category": "activity",
"type": "upscore"
},
{
"title": "Unfixed Medium Severity Vulnerabilities",
"description": "Unfixed medium severity vulnerabilities discovered in a repository indicate a somewhat elevated security risk. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "downscore"
},
{
"title": "High Ratio of High Fix Priority Vulnerabilities",
"description": "A high fraction of high fix priority vulnerabilities among the discovered vulnerabilities indicates an elevated security risk and that the repository needs immediate maintenance. A vulnerability is considered high priority based on our analysis. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "downscore"
},
{
"title": "Has Stars",
"description": "Having some stars indicates interest in the project. ",
"category": "popularity",
"type": "upscore"
},
{
"title": "Many Forks",
"description": "Many forks show an active interest in the project",
"category": "popularity",
"type": "upscore"
},
{
"title": "Many Subscribers",
"description": "A very large number of subscribers indicates an active interest in the project",
"category": "popularity",
"type": "upscore"
},
{
"title": "Repository has Topics",
"description": "Configuring topics is an indication that the repository is well maintained",
"category": "activity",
"type": "upscore"
},
{
"title": "No Source Code License",
"description": "Having license information in the source code makes it easier to validate the license status of the package",
"category": "code quality",
"type": "downscore"
},
{
"title": "No Package License",
"description": "Packages without license information can create operational risk",
"category": "code quality",
"type": "downscore"
}
]
}