Search CVE reports
1 – 3 of 3 results
CVE-2019-10172
Medium prioritySome fixes available 2 of 5
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
1 affected packages
libjackson-json-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjackson-json-java | Not affected | Not affected | Needs evaluation | Needs evaluation | Fixed |
CVE-2017-7525
Medium prioritySome fixes available 6 of 10
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the...
2 affected packages
jackson-databind, libjackson-json-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jackson-databind | Not affected | Not affected | Not affected | Not affected | Fixed |
libjackson-json-java | Not affected | Not affected | Needs evaluation | Needs evaluation | Fixed |
CVE-2017-15095
Medium prioritySome fixes available 6 of 9
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue...
2 affected packages
jackson-databind, libjackson-json-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jackson-databind | Not affected | Not affected | Not affected | Not affected | Fixed |
libjackson-json-java | Not affected | Not affected | Needs evaluation | Needs evaluation | Fixed |