Debian Libjackson-Json-Java vulnerabilities
3 known vulnerabilities affecting debian/libjackson-json-java.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3
Vulnerabilities
CVE-2017-7525 | P2 | CRITICAL | CVSS 9.8 | fixed in jackson-databind 2.9.1-1 (bookworm) | 2017
A deserialization flaw was discovered in jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.
Scope: local
bookworm: resolved (fixed in 2.9.1-1)
bullseye: resolved (fixed in 2.9.1-1)
forky:
CVE-2017-15095 | P2 | CRITICAL | CVSS 9.8 | fixed in jackson-databind 2.9.1-1 (bookworm) | 2017
A deserialization flaw was discovered in jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used mal
CVE-2019-10172 | P3 | CRITICAL | CVSS 9.8 | fixed in libjackson-json-java 1.9.13-2 (bookworm) | 2019
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect the codehaus jackson-mapper-asl libraries, but in different classes.
Scope: local
bookworm: resolved (fixed in 1.9.13-2)
bullseye: resolved (fixed in 1.9.13-2)
forky: resolved (fixed in 1.9.13-2)
sid: resolve