fasterxml

Top products

The 15 most recently published vulnerabilities affecting fasterxml.

• CVE-2025-52999jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data5.3Jun 25, 2025
• CVE-2025-49128Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation4.0Jun 6, 2025
• CVE-2023-3894DOS in jackson-dataformats-text5.8Aug 8, 2023
• CVE-2023-35116jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that ...4.7Jun 14, 2023
• CVE-2021-46877jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving Jso...7.5Mar 18, 2023
• CVE-2020-10650A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.j...8.1Dec 26, 2022
• CVE-2022-42004In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An applicat...7.5Oct 2, 2022
• CVE-2022-42003In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting...7.5Oct 2, 2022
• CVE-2022-40152Stack Buffer Overflow in Woodstox6.5Sep 16, 2022
• CVE-2020-36518jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.7.5Mar 11, 2022
• CVE-2020-28491Denial of Service (DoS)7.5Feb 18, 2021
• CVE-2021-20190A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidenti...8.1Jan 19, 2021
• CVE-2020-36179FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.8.1Jan 6, 2021
• CVE-2020-36180FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.8.1Jan 6, 2021
• CVE-2020-36182FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.8.1Jan 6, 2021