[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-7489":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":65,"aliases":66,"duplicate_of":9,"upstream":68,"downstream":69,"duplicates":92,"related":93,"reserved_at":9,"published_at":95,"modified_at":96,"state":97,"summary":98,"references_raw":107,"kevs":277,"epss":278,"epss_history":281,"metrics":523,"affected":534},"CVE-2018-7489","FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.",null,[11,55],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-184","Incomplete List of Disallowed Inputs","The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.","weakness","Draft","Base",[19,23,27,31,35,39,43,47,51],{"id":20,"name":21,"techniques":22},"CAPEC-120","Double Encoding",[],{"id":24,"name":25,"techniques":26},"CAPEC-15","Command Delimiters",[],{"id":28,"name":29,"techniques":30},"CAPEC-182","Flash Injection",[],{"id":32,"name":33,"techniques":34},"CAPEC-3","Using Leading 'Ghost' Character Sequences to Bypass Input Filters",[],{"id":36,"name":37,"techniques":38},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":40,"name":41,"techniques":42},"CAPEC-6","Argument Injection",[],{"id":44,"name":45,"techniques":46},"CAPEC-71","Using Unicode Encoding to Bypass Validation Logic",[],{"id":48,"name":49,"techniques":50},"CAPEC-73","User-Controlled Filename",[],{"id":52,"name":53,"techniques":54},"CAPEC-85","AJAX Footprinting",[],{"_key":56,"id":56,"name":57,"description":58,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":59,"capec":60},"CWE-502","Deserialization of Untrusted Data","The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.","Medium",[61],{"id":62,"name":63,"techniques":64},"CAPEC-586","Object Injection",[],[],[67],"GHSA-cggj-fvv3-cqwv",[],[70,72,74,76,78,80,82,84,86,88,90],{"_key":71},"UBUNTU-CVE-2018-7489",{"_key":73},"OPENSUSE-SU-2024:10886-1",{"_key":75},"DSA-4190-1",{"_key":77},"DEBIAN-CVE-2018-7489",{"_key":79},"RHEA-2018:2082",{"_key":81},"RHSA-2018:1448",{"_key":83},"RHSA-2018:1449",{"_key":85},"RHSA-2018:1450",{"_key":87},"RHSA-2018:1451",{"_key":89},"RHSA-2018:2089",{"_key":91},"RHSA-2018:2090",[],[94],{"_key":73},"2018-02-26T15:00:00.000Z","2024-08-05T06:31:03.738Z","Modified",{"cisa_kev":99,"cisa_ransomware":99,"cisa_vendor":9,"epss_severity":100,"epss_score":101,"severity":102,"severity_score":103,"severity_version":104,"severity_source":105,"severity_vector":106,"severity_status":97},false,"high",0.36207,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[108,116,124,128,132,136,140,144,149,153,157,161,166,170,174,178,182,186,192,196,200,204,209,213,217,221,225,229,235,240,244,248,252,256,260,264,268,272],{"url":109,"sources":110,"tags":112},"http://www.securityfocus.com/bid/103203",[111,105],"cve.org",[113,114,115],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":117,"sources":118,"tags":120},"https://access.redhat.com/errata/RHSA-2018:1448",[111,105,119],"osv_maven",[121,122,115,123],"Vendor Advisory","X Refsource REDHAT","WEB",{"url":125,"sources":126,"tags":127},"https://access.redhat.com/errata/RHSA-2018:1449",[111,105,119],[121,122,115,123],{"url":129,"sources":130,"tags":131},"https://access.redhat.com/errata/RHSA-2018:2938",[111,105,119],[121,122,115,123],{"url":133,"sources":134,"tags":135},"https://access.redhat.com/errata/RHSA-2018:1450",[111,105,119],[121,122,115,123],{"url":137,"sources":138,"tags":139},"https://access.redhat.com/errata/RHSA-2018:2090",[111,105,119],[121,122,115,123],{"url":141,"sources":142,"tags":143},"https://access.redhat.com/errata/RHSA-2018:2939",[111,105,119],[121,122,115,123],{"url":145,"sources":146,"tags":147},"http://www.securitytracker.com/id/1041890",[111,105],[113,148,115],"X Refsource SECTRACK",{"url":150,"sources":151,"tags":152},"http://www.securitytracker.com/id/1040693",[111,105],[113,148,115],{"url":154,"sources":155,"tags":156},"https://access.redhat.com/errata/RHSA-2018:1786",[111,105,119],[121,122,115,123],{"url":158,"sources":159,"tags":160},"https://access.redhat.com/errata/RHSA-2018:1451",[111,105,119],[121,122,115,123],{"url":162,"sources":163,"tags":164},"https://www.debian.org/security/2018/dsa-4190",[111,105,119],[121,165,115,123],"X Refsource DEBIAN",{"url":167,"sources":168,"tags":169},"https://access.redhat.com/errata/RHSA-2018:1447",[111,105,119],[121,122,115,123],{"url":171,"sources":172,"tags":173},"https://access.redhat.com/errata/RHSA-2018:2088",[111,105,119],[121,122,115,123],{"url":175,"sources":176,"tags":177},"https://access.redhat.com/errata/RHSA-2018:2089",[111,105,119],[121,122,115,123],{"url":179,"sources":180,"tags":181},"https://access.redhat.com/errata/RHSA-2019:2858",[111,105,119],[121,122,123],{"url":183,"sources":184,"tags":185},"https://access.redhat.com/errata/RHSA-2019:3149",[111,105,119],[121,122,123],{"url":187,"sources":188,"tags":189},"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",[111,105,119],[190,191,123],"X Refsource CONFIRM","Patch",{"url":193,"sources":194,"tags":195},"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",[111,105,119],[190,191,123],{"url":197,"sources":198,"tags":199},"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",[111,105,119],[190,191,123],{"url":201,"sources":202,"tags":203},"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",[111,105,119],[190,191,115,123],{"url":205,"sources":206,"tags":207},"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",[111,105,119],[208,191,115,123],"X Refsource MISC",{"url":210,"sources":211,"tags":212},"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",[111,105,119],[208,191,123],{"url":214,"sources":215,"tags":216},"https://www.oracle.com/security-alerts/cpuoct2020.html",[111,105,119],[208,123],{"url":218,"sources":219,"tags":220},"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us",[111,105,119],[190,115,123],{"url":222,"sources":223,"tags":224},"https://security.netapp.com/advisory/ntap-20180328-0001/",[111,105],[190,115],{"url":226,"sources":227,"tags":228},"https://github.com/FasterXML/jackson-databind/issues/1931",[111,105,119],[190,115,123],{"url":230,"sources":231,"tags":232},"https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E",[111,105],[233,234],"Mailing List","X Refsource MLIST",{"url":236,"sources":237,"tags":238},"https://nvd.nist.gov/vuln/detail/CVE-2018-7489",[119],[239],"Advisory",{"url":241,"sources":242,"tags":243},"https://github.com/FasterXML/jackson-databind/commit/e66c0a9d3c926ff1b63bf586c824ead1d02f2a3d",[119],[123],{"url":245,"sources":246,"tags":247},"https://github.com/FasterXML/jackson-databind/commit/ca2bfc86af82a1479112004b663ba74c760752e6",[119],[123],{"url":249,"sources":250,"tags":251},"https://github.com/FasterXML/jackson-databind/commit/c921f0935d5e41bf206e702d8077a275ba1a6efc",[119],[123],{"url":253,"sources":254,"tags":255},"https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2",[119],[123],{"url":257,"sources":258,"tags":259},"https://github.com/FasterXML/jackson-databind/commit/bc22f90eb7f896ace9567598a99cb1ff6e0f9d9d",[119],[123],{"url":261,"sources":262,"tags":263},"https://security.netapp.com/advisory/ntap-20180328-0001",[119],[123],{"url":265,"sources":266,"tags":267},"https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E",[119],[123],{"url":269,"sources":270,"tags":271},"https://github.com/advisories/GHSA-cggj-fvv3-cqwv",[119],[239],{"url":273,"sources":274,"tags":275},"https://github.com/FasterXML/jackson-databind",[119],[276],"PACKAGE",[],{"date":279,"score":101,"percentile":280},"2026-06-04",0.97191,[282,285,287,290,293,296,298,301,303,306,309,312,314,316,319,323,326,329,332,334,336,339,342,345,348,350,353,355,359,362,365,367,369,372,374,376,379,382,385,387,390,393,396,399,402,405,408,411,413,415,418,421,424,426,429,432,434,437,440,443,446,449,451,454,456,458,460,463,466,468,470,473,476,479,482,485,488,490,492,494,497,499,502,505,508,510,513,516,518,520],{"date":283,"score":101,"percentile":284},"2025-11-04",0.96908,{"date":286,"score":101,"percentile":284},"2025-11-05",{"date":288,"score":101,"percentile":289},"2025-11-06",0.9691,{"date":291,"score":101,"percentile":292},"2025-11-07",0.96913,{"date":294,"score":101,"percentile":295},"2025-11-08",0.96912,{"date":297,"score":101,"percentile":295},"2025-11-09",{"date":299,"score":101,"percentile":300},"2025-11-10",0.96911,{"date":302,"score":101,"percentile":292},"2025-11-11",{"date":304,"score":101,"percentile":305},"2025-11-12",0.96916,{"date":307,"score":101,"percentile":308},"2025-11-13",0.96917,{"date":310,"score":101,"percentile":311},"2025-11-14",0.96919,{"date":313,"score":101,"percentile":308},"2025-11-15",{"date":315,"score":101,"percentile":308},"2025-11-16",{"date":317,"score":101,"percentile":318},"2025-11-17",0.96918,{"date":320,"score":321,"percentile":322},"2025-11-18",0.64179,0.98424,{"date":324,"score":321,"percentile":325},"2025-11-19",0.98426,{"date":327,"score":321,"percentile":328},"2025-11-20",0.98427,{"date":330,"score":101,"percentile":331},"2025-11-21",0.96921,{"date":333,"score":101,"percentile":311},"2025-11-22",{"date":335,"score":101,"percentile":318},"2025-11-23",{"date":337,"score":101,"percentile":338},"2025-11-24",0.96922,{"date":340,"score":101,"percentile":341},"2025-11-25",0.96923,{"date":343,"score":101,"percentile":344},"2025-11-26",0.96924,{"date":346,"score":101,"percentile":347},"2025-11-27",0.96926,{"date":349,"score":101,"percentile":344},"2025-11-28",{"date":351,"score":101,"percentile":352},"2025-11-29",0.96925,{"date":354,"score":101,"percentile":352},"2025-11-30",{"date":356,"score":357,"percentile":358},"2025-12-01",0.22488,0.95644,{"date":360,"score":357,"percentile":361},"2025-12-02",0.95643,{"date":363,"score":357,"percentile":364},"2025-12-03",0.95645,{"date":366,"score":101,"percentile":352},"2025-12-04",{"date":368,"score":101,"percentile":347},"2025-12-05",{"date":370,"score":101,"percentile":371},"2025-12-06",0.96927,{"date":373,"score":101,"percentile":347},"2025-12-07",{"date":375,"score":101,"percentile":347},"2025-12-08",{"date":377,"score":101,"percentile":378},"2025-12-09",0.96928,{"date":380,"score":101,"percentile":381},"2025-12-10",0.96934,{"date":383,"score":101,"percentile":384},"2025-12-11",0.96936,{"date":386,"score":101,"percentile":384},"2025-12-12",{"date":388,"score":101,"percentile":389},"2025-12-13",0.96939,{"date":391,"score":101,"percentile":392},"2025-12-14",0.96935,{"date":394,"score":101,"percentile":395},"2025-12-15",0.96938,{"date":397,"score":101,"percentile":398},"2025-12-16",0.96941,{"date":400,"score":101,"percentile":401},"2025-12-17",0.96943,{"date":403,"score":101,"percentile":404},"2025-12-18",0.96942,{"date":406,"score":101,"percentile":407},"2025-12-19",0.96944,{"date":409,"score":101,"percentile":410},"2025-12-20",0.96946,{"date":412,"score":101,"percentile":410},"2025-12-21",{"date":414,"score":101,"percentile":410},"2025-12-22",{"date":416,"score":101,"percentile":417},"2025-12-23",0.96947,{"date":419,"score":101,"percentile":420},"2025-12-24",0.9695,{"date":422,"score":101,"percentile":423},"2025-12-25",0.96954,{"date":425,"score":101,"percentile":423},"2025-12-26",{"date":427,"score":101,"percentile":428},"2025-12-27",0.96979,{"date":430,"score":101,"percentile":431},"2025-12-28",0.96953,{"date":433,"score":101,"percentile":423},"2025-12-29",{"date":435,"score":101,"percentile":436},"2025-12-30",0.96955,{"date":438,"score":101,"percentile":439},"2025-12-31",0.96959,{"date":441,"score":357,"percentile":442},"2026-01-01",0.95686,{"date":444,"score":357,"percentile":445},"2026-01-02",0.9568,{"date":447,"score":357,"percentile":448},"2026-01-03",0.95676,{"date":450,"score":101,"percentile":439},"2026-01-04",{"date":452,"score":101,"percentile":453},"2026-01-05",0.9696,{"date":455,"score":101,"percentile":439},"2026-01-06",{"date":457,"score":101,"percentile":453},"2026-01-07",{"date":459,"score":101,"percentile":453},"2026-01-08",{"date":461,"score":101,"percentile":462},"2026-01-09",0.96962,{"date":464,"score":101,"percentile":465},"2026-01-10",0.96964,{"date":467,"score":101,"percentile":465},"2026-01-11",{"date":469,"score":101,"percentile":465},"2026-01-12",{"date":471,"score":101,"percentile":472},"2026-01-13",0.96966,{"date":474,"score":101,"percentile":475},"2026-01-14",0.96967,{"date":477,"score":101,"percentile":478},"2026-01-15",0.96969,{"date":480,"score":101,"percentile":481},"2026-01-16",0.96972,{"date":483,"score":101,"percentile":484},"2026-01-17",0.96974,{"date":486,"score":101,"percentile":487},"2026-01-18",0.96973,{"date":489,"score":101,"percentile":481},"2026-01-19",{"date":491,"score":101,"percentile":484},"2026-01-20",{"date":493,"score":101,"percentile":484},"2026-01-21",{"date":495,"score":101,"percentile":496},"2026-01-22",0.96976,{"date":498,"score":101,"percentile":428},"2026-01-23",{"date":500,"score":101,"percentile":501},"2026-01-24",0.9698,{"date":503,"score":101,"percentile":504},"2026-01-25",0.96981,{"date":506,"score":101,"percentile":507},"2026-01-26",0.96982,{"date":509,"score":101,"percentile":504},"2026-01-27",{"date":511,"score":101,"percentile":512},"2026-01-28",0.96983,{"date":514,"score":101,"percentile":515},"2026-01-29",0.96985,{"date":517,"score":101,"percentile":515},"2026-01-30",{"date":519,"score":101,"percentile":515},"2026-01-31",{"date":521,"score":357,"percentile":522},"2026-02-01",0.9571,[524,532],{"source":105,"cvss_v2_0":525,"cvss_v3_0":530,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":526,"baseSeverity":9,"vectorString":527,"impactScore":528,"exploitabilityScore":529},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":103,"baseSeverity":531,"vectorString":106,"impactScore":103,"exploitabilityScore":529},"CRITICAL",{"source":119,"cvss_v2_0":9,"cvss_v3_0":533,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":103,"baseSeverity":9,"vectorString":106,"impactScore":103,"exploitabilityScore":529},[535,546,565,582,591,597],{"ecosystem":9,"name":536,"vendor":537,"product":538,"cpe_part":539,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":540},"debian linux","debian","debian_linux","o",[541,544],{"version":542,"is_range":99,"range_type":543,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"version":545,"is_range":99,"range_type":543,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":547,"vendor":548,"product":547,"cpe_part":549,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":550},"jackson-databind","fasterxml","a",[551,556,561],{"version":552,"is_range":553,"range_type":543,"version_start":9,"version_start_type":9,"version_end":554,"version_end_type":555,"fixed_in":9},"lt2.7.9.3",true,"2.7.9.3","excluding",{"version":557,"is_range":553,"range_type":543,"version_start":558,"version_start_type":559,"version_end":560,"version_end_type":555,"fixed_in":9},"gte2.8.0_lt2.8.11.1","2.8.0","including","2.8.11.1",{"version":562,"is_range":553,"range_type":543,"version_start":563,"version_start_type":559,"version_end":564,"version_end_type":555,"fixed_in":9},"gte2.9.0_lt2.9.5","2.9.0","2.9.5",{"ecosystem":566,"name":567,"vendor":568,"product":547,"cpe_part":9,"purl_type":569,"purl_namespace":568,"purl_name":547,"source":9,"versions":570},"Maven","com.fasterxml.jackson.core:jackson-databind","com.fasterxml.jackson.core","maven",[571,574,576,579],{"version":572,"is_range":553,"range_type":573,"version_start":558,"version_start_type":559,"version_end":560,"version_end_type":555,"fixed_in":9},"gte2_8_0_lt2_8_11_1","ecosystem",{"version":575,"is_range":553,"range_type":573,"version_start":563,"version_start_type":559,"version_end":564,"version_end_type":555,"fixed_in":9},"gte2_9_0_lt2_9_5",{"version":577,"is_range":553,"range_type":573,"version_start":578,"version_start_type":559,"version_end":554,"version_end_type":555,"fixed_in":9},"gte2_7_0_lt2_7_9_3","2.7.0",{"version":580,"is_range":553,"range_type":573,"version_start":9,"version_start_type":9,"version_end":581,"version_end_type":555,"fixed_in":9},"lt2_6_7_5","2.6.7.5",{"ecosystem":9,"name":583,"vendor":584,"product":585,"cpe_part":549,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":586},"communications billing and revenue management","oracle","communications_billing_and_revenue_management",[587,589],{"version":588,"is_range":99,"range_type":543,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.5",{"version":590,"is_range":99,"range_type":543,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.0",{"ecosystem":9,"name":592,"vendor":584,"product":593,"cpe_part":549,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":594},"communications instant messaging server","communications_instant_messaging_server",[595],{"version":596,"is_range":99,"range_type":543,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0.1",{"ecosystem":9,"name":598,"vendor":599,"product":600,"cpe_part":549,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":601},"jboss enterprise application platform","redhat","jboss_enterprise_application_platform",[602,604],{"version":603,"is_range":99,"range_type":543,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.4.19",{"version":605,"is_range":99,"range_type":543,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.1.2"]