USN-4813-1

Advisory lineage Upstream: 78 Downstream: 0
Published: 15 Mar 2021, 21:47
Last modified:20 May 2026, 16:03

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

15 Mar 2021, 21:47
Published
Vulnerability first disclosed
20 May 2026, 16:03
Last Modified
Vulnerability information updated

Description

jackson-databind vulnerabilities It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2018-11307, CVE-2019-12086, CVE-2019-12814) It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. (CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2019-12384, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548) It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute XML entity (XXE) attacks. (CVE-2018-14720) It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute server-side request forgery (SSRF). (CVE-2018-14721)

Affected Systems

  • ubuntujackson-databind

    < 2.4.2-3ubuntu0.1~esm2

References (40)