View all vulnerabilities

CVE-2018-14721

Server-Side Request Forgery (SSRF) in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
10
Score Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Versions
com.fasterxml.jackson.core:jackson-databind >= 2.9.0 < 2.9.7; com.fasterxml.jackson.core:jackson-databind >= 2.8.0 < 2.8.11.3; com.fasterxml.jackson.core:jackson-databind >= 2.7.0 < 2.7.9.5
Severity
Ecosystem
Publish Date
January 4, 2019
Modified Date
March 14, 2024