CVE-2020-36518

FasterXML/jackson-databind
on github

Published

Severity

CVSS v3:
7.5 HIGH
CVSS v2:
5 MEDIUM

Description

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

References

Configurations

CPE23Version StartVersion EndExact Version
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*n/a2.12.6.1*
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*2.13.0 (including)2.13.2.1*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*n/an/a12.2.1.3.0
cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*n/an/a11.3.1
cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*n/an/a4.3.0.5.0
cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*n/an/a4.3.0.6.0
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*n/an/a4.4.0.0.0
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*n/an/a12.2.1.4.0
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*n/an/a8.58
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*n/an/a19.12
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*n/an/a9.0
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*n/an/a8.0.8
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*n/an/a8.0.7
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*n/an/a13.9.4.2.2
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*n/an/a14.1.1.0.0
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*n/an/a4.4.0.2.0
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*n/an/a4.4.0.3.0
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*n/an/a8.59
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*n/an/a8.0.7.1
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*n/an/a14.1.1.0.0
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*n/an/a8.0.8.1
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*17.12.0 (including)17.12.11 (including)*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*n/an/a8.0.8
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*n/an/a21.12
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*n/an/a20.12
cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*n/an/a9.1
cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*n/a23.1*
cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*n/an/a11.3.0
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*n/an/a11.3.2
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*n/an/a1.9.0
cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*n/an/a4.4.0.5.0
cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*n/a13.9.4.2.2*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*n/an/a8.0.8.3.0
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*n/an/a8.0.8.2.0
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*n/an/a8.1.2.1
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*n/an/a22.1.2
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*n/an/a22.2.0
cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*8.1.1.0 (including)8.1.2.1 (including)*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*n/an/a22.1.1
cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*n/an/a15.0.3.1
cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*n/an/a9.1.0.5.2
cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*n/a20.1.0*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*20.12.0 (including)20.12.18 (including)*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*19.12.0 (including)19.12.13 (including)*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*n/an/a8.0.7.2
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*n/an/a8.0.8.0
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*21.12.0 (including)21.12.1 (including)*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*18.8.0 (including)18.8.14 (including)*
cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*n/an/a18.0
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*n/an/a8.0.7.0.0
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*8.1.1.0 (including)8.1.2.1 (including)*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*18.8.0.0 (including)18.8.25.4 (including)*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*19.12.0 (including)19.12.19.0 (including)*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*17.0 (including)17.12 (including)*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*n/an/a8.1.1.0
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*n/an/a8.1.2.0
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*8.0.7 (including)8.1.0.0 (including)*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*20.12.0.0 (including)21.12.4.0 (including)*
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*17.12.0.0 (including)17.12.20.4 (including)*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*n/an/a22.2.0
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*n/an/a22.1.0
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*n/an/a22.2.0
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*n/an/a22.1.3
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*n/an/a22.1.1
cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*12.0.0.4.0 (including)12.0.0.6.0 (including)*
cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*n/a12.2.0.1.30*
cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*n/a22.2.0*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*n/an/a9.0
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*n/an/a-
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*n/an/a-
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*n/an/a-
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*n/an/a-
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*n/an/a-
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*n/an/a-
cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*n/an/a-
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*2.13.0 (including)2.13.2.2*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*n/an/a10.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*n/an/a11.0

External Links