All vulnerabilities

CVE-2018-14721

Server-Side Request Forgery (SSRF) in jackson-databind

Description

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Score
10
Severity
Critical
Ecosystem
Java
Publish Date
January 4, 2019
Modified Date
February 3, 2026
Score Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Versions