CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

Published: Mar 11, 2022
Updated: May 9, 2024
CVE: CVE-2020-36518
GHSA: GHSA-57j2-w4cx-62h2
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
fasterxml / jackson-databind	-	2.12.6.1
fasterxml / jackson-databind	2.13.0	2.13.2.1
oracle / weblogic_server	12.2.1.3.0	12.2.1.3.0.x
oracle / commerce_platform	11.3.1	11.3.1.x
oracle / utilities_framework	4.3.0.5.0	4.3.0.5.0.x
oracle / utilities_framework	4.3.0.6.0	4.3.0.6.0.x
oracle / utilities_framework	4.4.0.0.0	4.4.0.0.0.x
oracle / weblogic_server	12.2.1.4.0	12.2.1.4.0.x
oracle / peoplesoft_enterprise_peopletools	8.58	8.58.x
oracle / primavera_unifier	19.12	19.12.x
oracle / sd-wan_edge	9.0	9.0.x
oracle / weblogic_server	14.1.1.0.0	14.1.1.0.0.x
oracle / coherence	14.1.1.0.0	14.1.1.0.0.x
oracle / utilities_framework	4.4.0.2.0	4.4.0.2.0.x
oracle / global_lifecycle_management_nextgen_oui_framework	13.9.4.2.2	13.9.4.2.2.x
oracle / primavera_unifier	20.12	20.12.x
oracle / peoplesoft_enterprise_peopletools	8.59	8.59.x
oracle / primavera_gateway	17.12.0	17.12.11.x
oracle / utilities_framework	4.4.0.3.0	4.4.0.3.0.x
oracle / sd-wan_edge	9.1	9.1.x
oracle / commerce_platform	11.3.0	11.3.0.x
oracle / commerce_platform	11.3.2	11.3.2.x
oracle / primavera_unifier	21.12	21.12.x
oracle / financial_services_trade-based_anti_money_laundering	8.0.7	8.0.7.x
oracle / financial_services_trade-based_anti_money_laundering	8.0.8	8.0.8.x
oracle / financial_services_behavior_detection_platform	8.0.8	8.0.8.x
oracle / big_data_spatial_and_graph	-	23.1
oracle / financial_services_enterprise_case_management	8.0.8.1	8.0.8.1.x
oracle / financial_services_enterprise_case_management	8.0.7.1	8.0.7.1.x
oracle / financial_services_enterprise_case_management	8.0.8.0	8.0.8.0.x
oracle / communications_cloud_native_core_console	1.9.0	1.9.0.x
oracle / communications_cloud_native_core_network_slice_selection_function	22.1.0	22.1.0.x
oracle / financial_services_analytical_applications_infrastructure	8.1.2.0	8.1.2.0.x
oracle / financial_services_analytical_applications_infrastructure	8.1.1.0	8.1.1.0.x
oracle / financial_services_enterprise_case_management	8.0.7.2	8.0.7.2.x
oracle / communications_billing_and_revenue_management	12.0.0.4.0	12.0.0.6.0.x
oracle / communications_cloud_native_core_binding_support_function	22.1.3	22.1.3.x
oracle / financial_services_crime_and_compliance_management_studio	8.0.8.2.0	8.0.8.2.0.x
oracle / financial_services_crime_and_compliance_management_studio	8.0.8.3.0	8.0.8.3.0.x
oracle / communications_cloud_native_core_network_repository_function	22.2.0	22.2.0.x
oracle / communications_cloud_native_core_security_edge_protection_proxy	22.1.1	22.1.1.x
oracle / communications_cloud_native_core_network_repository_function	22.1.2	22.1.2.x
oracle / communications_cloud_native_core_unified_data_repository	22.2.0	22.2.0.x
oracle / utilities_framework	4.4.0.5.0	4.4.0.5.0.x
oracle / global_lifecycle_management_nextgen_oui_framework	-	13.9.4.2.2
oracle / financial_services_analytical_applications_infrastructure	8.1.2.1	8.1.2.1.x
oracle / financial_services_enterprise_case_management	8.1.1.0	8.1.2.1.x
oracle / retail_sales_audit	15.0.3.1	15.0.3.1.x
oracle / health_sciences_empirica_signal	9.1.0.5.2	9.1.0.5.2.x
oracle / spatial_studio	-	20.1.0
oracle / primavera_gateway	20.12.0	20.12.18.x
oracle / primavera_gateway	19.12.0	19.12.13.x
oracle / primavera_gateway	21.12.0	21.12.1.x
oracle / primavera_gateway	18.8.0	18.8.14.x
oracle / primavera_unifier	18.0	18.0.x
oracle / financial_services_behavior_detection_platform	8.0.7.0.0	8.0.7.0.0.x
oracle / financial_services_behavior_detection_platform	8.1.1.0	8.1.2.1.x
oracle / primavera_p6_enterprise_project_portfolio_management	18.8.0.0	18.8.25.4.x
oracle / primavera_p6_enterprise_project_portfolio_management	19.12.0	19.12.19.0.x
oracle / primavera_unifier	17.0	17.12.x
oracle / financial_services_analytical_applications_infrastructure	8.0.7	8.1.0.0.x
oracle / primavera_p6_enterprise_project_portfolio_management	20.12.0.0	21.12.4.0.x
oracle / primavera_p6_enterprise_project_portfolio_management	17.12.0.0	17.12.20.4.x
oracle / communications_cloud_native_core_service_communication_proxy	22.2.0	22.2.0.x
oracle / communications_cloud_native_core_network_slice_selection_function	22.1.1	22.1.1.x
oracle / global_lifecycle_management_opatch	-	12.2.0.1.30
oracle / graph_server_and_client	-	22.2.0
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
com.fasterxml.jackson.core / jackson-databind	2.13.0	2.13.2.1
com.fasterxml.jackson.core / jackson-databind	-	2.12.6.1

Vulnerability Database

CVE-2020-36518

Deep Security Visibility Without the Complexity