[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-42003":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":42,"duplicate_of":9,"upstream":44,"downstream":45,"duplicates":86,"related":87,"reserved_at":9,"published_at":101,"modified_at":102,"state":103,"summary":104,"references_raw":112,"kevs":199,"epss":200,"epss_history":203,"metrics":471,"affected":479},"CVE-2022-42003","In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-502","Deserialization of Untrusted Data","The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-586","Object Injection",[],[25,34],{"_key":26,"name":27,"source":28,"url":29,"maturity":30,"reliability_score":31,"verified":32,"type":9,"platforms":33,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_FASTERXML_JACKSON-DATABIND","Jackson Databind","github","https://github.com/FasterXML/jackson-databind/issues/3328","poc",0.3,false,[],{"_key":35,"name":36,"source":37,"url":38,"maturity":39,"reliability_score":40,"verified":32,"type":9,"platforms":41,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_28E22AA2F8CC3BD7","Exploit Reference (bugs.chromium.org)","reference","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020","unknown",0.2,[],[43],"GHSA-jjjh-jjxp-wpff",[],[46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84],{"_key":47},"SUSE-SU-2022:3995-1",{"_key":49},"OPENSUSE-SU-2024:14395-1",{"_key":51},"DLA-3207-1",{"_key":53},"DSA-5283-1",{"_key":55},"RHSA-2023:1151",{"_key":57},"MGASA-2024-0069",{"_key":59},"DEBIAN-CVE-2022-42003",{"_key":61},"RHSA-2023:1064",{"_key":63},"RHSA-2023:0261",{"_key":65},"RHSA-2023:2097",{"_key":67},"RHSA-2023:3663",{"_key":69},"UBUNTU-CVE-2022-42003",{"_key":71},"RHSA-2025:1746",{"_key":73},"RHSA-2023:0552",{"_key":75},"RHSA-2023:0553",{"_key":77},"RHSA-2023:0554",{"_key":79},"RHSA-2023:1043",{"_key":81},"RHSA-2023:1044",{"_key":83},"RHSA-2023:1045",{"_key":85},"RHSA-2025:1747",[],[88,89,90,91,93,95,97,99],{"_key":47},{"_key":49},{"_key":57},{"_key":92},"CGA-9GMQ-C996-778J",{"_key":94},"CGA-FQMV-H753-PWR7",{"_key":96},"CGA-JV4G-M8PH-WXX4",{"_key":98},"CGA-QH53-92M3-QXQ2",{"_key":100},"CGA-233H-QQVF-W294","2022-10-02T00:00:00.000Z","2024-08-03T12:56:39.107Z","Modified",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":105,"epss_score":106,"severity":107,"severity_score":108,"severity_version":109,"severity_source":110,"severity_vector":111,"severity_status":103},"low",0.00317,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[113,123,128,132,137,141,145,149,154,158,162,166,170,174,178,182,186,190,194],{"url":114,"sources":115,"tags":118},"https://github.com/FasterXML/jackson-databind/issues/3590",[116,110,117],"cve.org","osv_maven",[119,120,121,122],"Exploit","Issue Tracking","Third Party Advisory","WEB",{"url":124,"sources":125,"tags":126},"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33",[116,110,117],[127,121,122],"Patch",{"url":38,"sources":129,"tags":130},[116,110,117],[119,120,131,127,121,122],"Mailing List",{"url":133,"sources":134,"tags":135},"https://security.gentoo.org/glsa/202210-21",[116,110,117],[136,121,122],"Vendor Advisory",{"url":138,"sources":139,"tags":140},"https://www.debian.org/security/2022/dsa-5283",[116,110,117],[136,121,122],{"url":142,"sources":143,"tags":144},"https://security.netapp.com/advisory/ntap-20221124-0004/",[116,110],[121],{"url":146,"sources":147,"tags":148},"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html",[116,110,117],[131,121,122],{"url":150,"sources":151,"tags":152},"https://nvd.nist.gov/vuln/detail/CVE-2022-42003",[117],[153],"Advisory",{"url":155,"sources":156,"tags":157},"https://github.com/FasterXML/jackson-databind/issues/3627",[117],[122],{"url":159,"sources":160,"tags":161},"https://github.com/FasterXML/jackson-databind/commit/0e37a39502439ecbaa1a5b5188387c01bf7f7fa1",[117],[122],{"url":163,"sources":164,"tags":165},"https://github.com/FasterXML/jackson-databind/commit/2c4a601c626f7790cad9d3c322d244e182838288",[117],[122],{"url":167,"sources":168,"tags":169},"https://github.com/FasterXML/jackson-databind/commit/7ba9ac5b87a9d6ac0d2815158ecbeb315ad4dcdc",[117],[122],{"url":171,"sources":172,"tags":173},"https://github.com/FasterXML/jackson-databind/commit/cd090979b7ea78c75e4de8a4aed04f7e9fa8deea",[117],[122],{"url":175,"sources":176,"tags":177},"https://github.com/FasterXML/jackson-databind/commit/d499f2e7bbc5ebd63af11e1f5cf1989fa323aa45",[117],[122],{"url":179,"sources":180,"tags":181},"https://security.netapp.com/advisory/ntap-20221124-0004",[117],[122],{"url":183,"sources":184,"tags":185},"https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.13.4.1...jackson-databind-2.13.4.2",[117],[122],{"url":187,"sources":188,"tags":189},"https://github.com/FasterXML/jackson-databind/commits/jackson-databind-2.4.0-rc1?after=75b97b8519f0d50c62523ad85170d80a197a2c86+174&branch=jackson-databind-2.4.0-rc1&qualified_name=refs%2Ftags%2Fjackson-databind-2.4.0-rc1",[117],[122],{"url":191,"sources":192,"tags":193},"https://github.com/FasterXML/jackson-databind/blob/2.13/release-notes/VERSION-2.x",[117],[122],{"url":195,"sources":196,"tags":197},"https://github.com/FasterXML/jackson-databind",[117],[198],"PACKAGE",[],{"date":201,"score":106,"percentile":202},"2026-06-04",0.55082,[204,208,211,215,218,221,224,227,230,233,236,239,241,244,246,250,253,256,259,262,265,268,271,274,276,279,282,285,289,292,295,298,301,304,307,310,313,316,319,323,326,329,332,335,338,341,344,347,350,353,356,359,362,365,369,372,375,378,381,385,388,391,394,397,400,403,406,409,412,415,418,421,423,426,428,431,434,437,439,442,445,448,451,453,456,458,460,463,465,468],{"date":205,"score":206,"percentile":207},"2025-11-04",0.00384,0.58997,{"date":209,"score":206,"percentile":210},"2025-11-05",0.5898,{"date":212,"score":213,"percentile":214},"2025-11-06",0.00354,0.57053,{"date":216,"score":213,"percentile":217},"2025-11-07",0.57066,{"date":219,"score":213,"percentile":220},"2025-11-08",0.5707,{"date":222,"score":213,"percentile":223},"2025-11-09",0.57057,{"date":225,"score":213,"percentile":226},"2025-11-10",0.57033,{"date":228,"score":213,"percentile":229},"2025-11-11",0.57044,{"date":231,"score":213,"percentile":232},"2025-11-12",0.57069,{"date":234,"score":213,"percentile":235},"2025-11-13",0.57074,{"date":237,"score":213,"percentile":238},"2025-11-14",0.57077,{"date":240,"score":213,"percentile":217},"2025-11-15",{"date":242,"score":213,"percentile":243},"2025-11-16",0.5705,{"date":245,"score":213,"percentile":229},"2025-11-17",{"date":247,"score":248,"percentile":249},"2025-11-18",0.03103,0.85574,{"date":251,"score":248,"percentile":252},"2025-11-19",0.85576,{"date":254,"score":248,"percentile":255},"2025-11-20",0.85577,{"date":257,"score":213,"percentile":258},"2025-11-21",0.57062,{"date":260,"score":213,"percentile":261},"2025-11-22",0.57058,{"date":263,"score":213,"percentile":264},"2025-11-23",0.57032,{"date":266,"score":213,"percentile":267},"2025-11-24",0.57025,{"date":269,"score":213,"percentile":270},"2025-11-25",0.57028,{"date":272,"score":213,"percentile":273},"2025-11-26",0.57031,{"date":275,"score":213,"percentile":264},"2025-11-27",{"date":277,"score":213,"percentile":278},"2025-11-28",0.57007,{"date":280,"score":213,"percentile":281},"2025-11-29",0.56996,{"date":283,"score":213,"percentile":284},"2025-11-30",0.56989,{"date":286,"score":287,"percentile":288},"2025-12-01",0.00215,0.44136,{"date":290,"score":287,"percentile":291},"2025-12-02",0.44151,{"date":293,"score":287,"percentile":294},"2025-12-03",0.44147,{"date":296,"score":213,"percentile":297},"2025-12-04",0.5699,{"date":299,"score":213,"percentile":300},"2025-12-05",0.57005,{"date":302,"score":213,"percentile":303},"2025-12-06",0.57004,{"date":305,"score":206,"percentile":306},"2025-12-07",0.58922,{"date":308,"score":206,"percentile":309},"2025-12-08",0.58924,{"date":311,"score":206,"percentile":312},"2025-12-09",0.58954,{"date":314,"score":206,"percentile":315},"2025-12-10",0.59007,{"date":317,"score":206,"percentile":318},"2025-12-11",0.59028,{"date":320,"score":321,"percentile":322},"2025-12-12",0.00328,0.55254,{"date":324,"score":321,"percentile":325},"2025-12-13",0.55247,{"date":327,"score":321,"percentile":328},"2025-12-14",0.55243,{"date":330,"score":321,"percentile":331},"2025-12-15",0.5523,{"date":333,"score":321,"percentile":334},"2025-12-16",0.55242,{"date":336,"score":321,"percentile":337},"2025-12-17",0.55265,{"date":339,"score":321,"percentile":340},"2025-12-18",0.55302,{"date":342,"score":321,"percentile":343},"2025-12-19",0.55306,{"date":345,"score":321,"percentile":346},"2025-12-20",0.55297,{"date":348,"score":321,"percentile":349},"2025-12-21",0.55275,{"date":351,"score":321,"percentile":352},"2025-12-22",0.55255,{"date":354,"score":321,"percentile":355},"2025-12-23",0.55259,{"date":357,"score":321,"percentile":358},"2025-12-24",0.55267,{"date":360,"score":321,"percentile":361},"2025-12-25",0.55313,{"date":363,"score":321,"percentile":364},"2025-12-26",0.55307,{"date":366,"score":367,"percentile":368},"2025-12-27",0.00276,0.50794,{"date":370,"score":321,"percentile":371},"2025-12-28",0.55272,{"date":373,"score":321,"percentile":374},"2025-12-29",0.55258,{"date":376,"score":321,"percentile":377},"2025-12-30",0.55251,{"date":379,"score":321,"percentile":380},"2025-12-31",0.55264,{"date":382,"score":383,"percentile":384},"2026-01-01",0.00234,0.46304,{"date":386,"score":383,"percentile":387},"2026-01-02",0.4628,{"date":389,"score":383,"percentile":390},"2026-01-03",0.46265,{"date":392,"score":321,"percentile":393},"2026-01-04",0.55234,{"date":395,"score":321,"percentile":396},"2026-01-05",0.55224,{"date":398,"score":321,"percentile":399},"2026-01-06",0.55231,{"date":401,"score":321,"percentile":402},"2026-01-07",0.55256,{"date":404,"score":321,"percentile":405},"2026-01-08",0.55278,{"date":407,"score":321,"percentile":408},"2026-01-09",0.55274,{"date":410,"score":321,"percentile":411},"2026-01-10",0.55273,{"date":413,"score":321,"percentile":414},"2026-01-11",0.5525,{"date":416,"score":321,"percentile":417},"2026-01-12",0.55205,{"date":419,"score":321,"percentile":420},"2026-01-13",0.55184,{"date":422,"score":321,"percentile":331},"2026-01-14",{"date":424,"score":321,"percentile":425},"2026-01-15",0.55233,{"date":427,"score":321,"percentile":322},"2026-01-16",{"date":429,"score":321,"percentile":430},"2026-01-17",0.55249,{"date":432,"score":321,"percentile":433},"2026-01-18",0.55241,{"date":435,"score":321,"percentile":436},"2026-01-19",0.55232,{"date":438,"score":321,"percentile":393},"2026-01-20",{"date":440,"score":321,"percentile":441},"2026-01-21",0.55236,{"date":443,"score":321,"percentile":444},"2026-01-22",0.5524,{"date":446,"score":321,"percentile":447},"2026-01-23",0.55285,{"date":449,"score":321,"percentile":450},"2026-01-24",0.55289,{"date":452,"score":321,"percentile":377},"2026-01-25",{"date":454,"score":321,"percentile":455},"2026-01-26",0.55238,{"date":457,"score":321,"percentile":414},"2026-01-27",{"date":459,"score":321,"percentile":337},"2026-01-28",{"date":461,"score":321,"percentile":462},"2026-01-29",0.55266,{"date":464,"score":321,"percentile":371},"2026-01-30",{"date":466,"score":321,"percentile":467},"2026-01-31",0.55277,{"date":469,"score":383,"percentile":470},"2026-02-01",0.46101,[472,477],{"source":110,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":473,"cvss_v4_0":9},{"baseScore":108,"baseSeverity":474,"vectorString":111,"impactScore":475,"exploitabilityScore":476},"HIGH",6,10,{"source":117,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":478,"cvss_v4_0":9},{"baseScore":108,"baseSeverity":9,"vectorString":111,"impactScore":475,"exploitabilityScore":476},[480,491,506,519,526],{"ecosystem":9,"name":481,"vendor":482,"product":483,"cpe_part":484,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":485},"debian linux","debian","debian_linux","o",[486,489],{"version":487,"is_range":32,"range_type":488,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"version":490,"is_range":32,"range_type":488,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":9,"name":492,"vendor":493,"product":492,"cpe_part":494,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":495},"jackson-databind","fasterxml","a",[496,501],{"version":497,"is_range":498,"range_type":488,"version_start":9,"version_start_type":9,"version_end":499,"version_end_type":500,"fixed_in":9},"lt2.12.7.1",true,"2.12.7.1","excluding",{"version":502,"is_range":498,"range_type":488,"version_start":503,"version_start_type":504,"version_end":505,"version_end_type":500,"fixed_in":9},"gte2.13.0_lt2.13.4.1","2.13.0","including","2.13.4.1",{"ecosystem":507,"name":508,"vendor":509,"product":492,"cpe_part":9,"purl_type":510,"purl_namespace":509,"purl_name":492,"source":9,"versions":511},"Maven","com.fasterxml.jackson.core:jackson-databind","com.fasterxml.jackson.core","maven",[512,516],{"version":513,"is_range":498,"range_type":514,"version_start":515,"version_start_type":504,"version_end":499,"version_end_type":500,"fixed_in":9},"gte2_4_0_rc1_lt2_12_7_1","ecosystem","2.4.0-rc1",{"version":517,"is_range":498,"range_type":514,"version_start":503,"version_start_type":504,"version_end":518,"version_end_type":500,"fixed_in":9},"gte2_13_0_lt2_13_4_2","2.13.4.2",{"ecosystem":9,"name":520,"vendor":521,"product":522,"cpe_part":494,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":523},"oncommand workflow automation","netapp","oncommand_workflow_automation",[524],{"version":525,"is_range":32,"range_type":488,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":9,"name":527,"vendor":527,"product":527,"cpe_part":494,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":528},"quarkus",[529],{"version":530,"is_range":498,"range_type":488,"version_start":9,"version_start_type":9,"version_end":531,"version_end_type":500,"fixed_in":9},"lt2.13.3","2.13.3"]