GCVE - cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*

part: a version: 2.0.0 update: *

Vendor	Fasterxml (`ad2f994e-5748-54a8-a922-c0875b2b0045`)
Product	Jackson Databind (`41cba8d8-a87d-5900-8550-ce40bafcfc23`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/fasterxml/jackson-databind`	purl2cpe	2026-06-01 10:13:08.845933
`pkg:maven/com.fasterxml.jackson.core/jackson-databind`	purl2cpe	2026-06-01 10:13:08.845934
`pkg:maven/org.apache.fasterxml.jackson.core/jackson-databind`	purl2cpe	2026-06-01 10:13:08.845936
`pkg:rpm/fedora/jackson-databind`	purl2cpe	2026-06-01 10:13:08.845937
`pkg:rpm/opensuse/jackson-databind`	purl2cpe	2026-06-01 10:13:08.845938

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-36181`	vulnerable	2026-06-08 05:25:02.595080	Details available FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. Published: 2021-01-06T22:29:19.000Z Updated: 2024-08-04T17:23:09.306Z Open on db.gcve.eu Reference links https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://github.com/FasterXML/jackson-databind/issues/3004 https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html https://www.oracle.com/security-alerts/cpuApr2021.html https://security.netapp.com/advisory/ntap-20210205-0005/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-10969`	vulnerable	2026-06-08 05:16:36.119092	Details available FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. Published: 2020-03-26T12:43:34.000Z Updated: 2024-08-04T11:21:13.816Z Open on db.gcve.eu Reference links https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://www.oracle.com/security-alerts/cpujul2020.html https://security.netapp.com/advisory/ntap-20200403-0002/ https://github.com/FasterXML/jackson-databind/issues/2642	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-10968`	vulnerable	2026-06-08 05:16:36.116575	Details available FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). Published: 2020-03-26T12:43:45.000Z Updated: 2024-08-04T11:21:14.276Z Open on db.gcve.eu Reference links https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://www.oracle.com/security-alerts/cpujul2020.html https://security.netapp.com/advisory/ntap-20200403-0002/ https://github.com/FasterXML/jackson-databind/issues/2662	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-10673`	vulnerable	2026-06-08 05:16:35.541982	Details available FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). Published: 2020-03-18T21:17:26.000Z Updated: 2025-08-27T20:32:51.171Z Open on db.gcve.eu Reference links https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://www.oracle.com/security-alerts/cpujul2020.html https://security.netapp.com/advisory/ntap-20200403-0002/ https://github.com/FasterXML/jackson-databind/issues/2660	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-10672`	vulnerable	2026-06-08 05:16:35.515480	Details available FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). Published: 2020-03-18T21:17:43.000Z Updated: 2024-08-04T11:06:11.143Z Open on db.gcve.eu Reference links https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://www.oracle.com/security-alerts/cpujul2020.html https://github.com/FasterXML/jackson-databind/issues/2659 https://security.netapp.com/advisory/ntap-20200403-0002/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.