Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2018-19361

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
fasterxml / jackson-databind 2.7.0 2.7.9.5
fasterxml / jackson-databind 2.8.0 2.8.11.3
fasterxml / jackson-databind 2.9.0 2.9.8
fasterxml / jackson-databind 2.6.0 2.6.7.2.x
debian / debian_linux 8.0 8.0.x
debian / debian_linux 9.0 9.0.x
oracle / primavera_unifier 16.2 16.2.x
oracle / primavera_p6_enterprise_project_portfolio_management 16.2 16.2.x
oracle / primavera_p6_enterprise_project_portfolio_management 15.1 15.1.x
oracle / primavera_unifier 16.1 16.1.x
oracle / primavera_p6_enterprise_project_portfolio_management 16.1 16.1.x
oracle / primavera_p6_enterprise_project_portfolio_management 15.2 15.2.x
oracle / webcenter_portal 12.2.1.3.0 12.2.1.3.0.x
oracle / business_process_management_suite 12.1.3.0.0 12.1.3.0.0.x
oracle / business_process_management_suite 12.2.1.3.0 12.2.1.3.0.x
oracle / primavera_p6_enterprise_project_portfolio_management 17.7 17.12.x
oracle / primavera_p6_enterprise_project_portfolio_management 18.8 18.8.x
oracle / primavera_unifier 18.8 18.8.x
oracle / retail_workforce_management_software 1.60.9.0.0 1.60.9.0.0.x
oracle / primavera_unifier 17.7 17.12.x
redhat / openshift_container_platform 3.11 3.11.x
redhat / jboss_bpm_suite 6.4.11 6.4.11.x
redhat / jboss_brms 6.4.10 6.4.10.x
redhat / automation_manager 7.3.1 7.3.1.x
redhat / decision_manager 7.3.1 7.3.1.x
com.fasterxml.jackson.core / jackson-databind 2.7.0 2.7.9.5
com.fasterxml.jackson.core / jackson-databind 2.9.0 2.9.8
com.fasterxml.jackson.core / jackson-databind 2.8.0 2.8.11.3