All vulnerabilities
CVE-2018-14721
Server-Side Request Forgery (SSRF) in jackson-databind
Description
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgrading
Score
10
Severity
Critical
Ecosystem
Java
Publish Date
January 4, 2019
Modified Date
February 3, 2026
Score Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Versions

