GCVE - cpe:2.3:a:fasterxml:jackson-databind:2.10.0:prerelease3:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:fasterxml:jackson-databind:2.10.0:prerelease3:*:*:*:*:*:*

part: a version: 2.10.0 update: prerelease3

Vendor	Fasterxml (`ad2f994e-5748-54a8-a922-c0875b2b0045`)
Product	Jackson Databind (`41cba8d8-a87d-5900-8550-ce40bafcfc23`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/fasterxml/jackson-databind`	purl2cpe	2026-06-01 10:13:08.846037
`pkg:maven/com.fasterxml.jackson.core/jackson-databind`	purl2cpe	2026-06-01 10:13:08.846038
`pkg:maven/org.apache.fasterxml.jackson.core/jackson-databind`	purl2cpe	2026-06-01 10:13:08.846040
`pkg:rpm/fedora/jackson-databind`	purl2cpe	2026-06-01 10:13:08.846041
`pkg:rpm/opensuse/jackson-databind`	purl2cpe	2026-06-01 10:13:08.846043

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-10650`	vulnerable	2026-06-08 05:16:35.461907	Details available A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider. Published: 2022-12-26T00:00:00.000Z Updated: 2025-04-14T16:22:00.404Z Open on db.gcve.eu Reference links https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://www.oracle.com/security-alerts/cpujan2021.html https://github.com/advisories/GHSA-rpr3-cw39-3pxh https://www.oracle.com/security-alerts/cpuoct2022.html https://github.com/FasterXML/jackson-databind/issues/2658	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.