[DepShield] (CVSS 9.8) Vulnerability due to usage of com.fasterxml.jackson.core:jackson-databind:2.9.9

**Vulnerabilities**

DepShield reports that this application's usage of [com.fasterxml.jackson.core:jackson-databind:2.9.9](https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9) results in the following vulnerability(s):

- (CVSS **9.8**) [[CVE-2019-16335] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2...](https://ossindex.sonatype.org/vuln/3242fdc1-bfe9-46a6-af0c-0b8f57f56eb7)
- (CVSS **9.8**) [[CVE-2020-9547] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/9da160f2-eb42-4ae6-af89-509b72c038cc)
- (CVSS **9.8**) [[CVE-2019-17531] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 th...](https://ossindex.sonatype.org/vuln/ea932c13-011a-4c74-a092-48cd1c49adb4)
- (CVSS **9.8**) [[CVE-2020-11620] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/323c6a23-f1e2-416d-bbcf-77b58cf7d4c4)
- (CVSS **9.8**) [[CVE-2019-20330] FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache bloc...](https://ossindex.sonatype.org/vuln/40d250b4-680a-4cf2-a677-40b8cdda0ce2)
- (CVSS **9.8**) [[CVE-2020-9548] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/f479df7f-a147-4b9a-809d-828667c3d08e)
- (CVSS **9.8**) [[CVE-2019-14892] A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 an...](https://ossindex.sonatype.org/vuln/67a15c66-4684-48a7-adb1-96845987cb0c)
- (CVSS **9.8**) [[CVE-2020-11619] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/5573b207-1a49-45a3-8dbc-71685b0f1012)
- (CVSS **9.8**) [[CVE-2019-16943] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 th...](https://ossindex.sonatype.org/vuln/f4f0c103-c9d9-4308-bd8f-489f2a632680)
- (CVSS **9.8**) [[CVE-2019-16942] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 th...](https://ossindex.sonatype.org/vuln/07632245-fcef-4eb3-82b6-aadbbfd2b33e)
- (CVSS **9.8**) [[CVE-2020-8840] FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JN...](https://ossindex.sonatype.org/vuln/2fada372-53aa-4b38-907c-7d3faba7bcb8)
- (CVSS **9.8**) [[CVE-2020-9546] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/a2779722-6c77-4e1b-8ff0-71df027e1f03)
- (CVSS **9.8**) [[CVE-2019-14540] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2...](https://ossindex.sonatype.org/vuln/fc1e8802-77e5-458f-b987-eb778c6ac2fc)
- (CVSS **9.8**) [[CVE-2019-17267] A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2...](https://ossindex.sonatype.org/vuln/6ce886d0-2dfd-4cef-b9a4-2fb400baf5ef)
- (CVSS **9.8**) [[CVE-2019-14893] A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.1...](https://ossindex.sonatype.org/vuln/5113110f-3321-491d-9506-447a3361f9cd)
- (CVSS **9.8**) [[CVE-2019-14379] SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles de...](https://ossindex.sonatype.org/vuln/e5794172-1257-4372-9baf-7b87307a3cc9)
- (CVSS **8.8**) [[CVE-2020-10969] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/2fce6452-0901-4591-84ce-be0b9e4e82e9)
- (CVSS **8.8**) [[CVE-2020-10968] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/b9dd031f-8287-454b-841f-635120eb35c2)
- (CVSS **8.8**) [[CVE-2020-10672] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/008dd13c-dede-46f4-b103-f72bdbae725e)
- (CVSS **8.8**) [[CVE-2020-10673] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/ed6fd4f6-b25f-494e-b4e3-ef10deff7d39)
- (CVSS **8.8**) [[CVE-2020-11113] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/69934c79-655c-4b0a-971b-ce869a375183)
- (CVSS **8.8**) [[CVE-2020-11112] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/b217e47a-bd88-4936-b953-8560d22683dd)
- (CVSS **8.8**) [[CVE-2020-11111] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/38254502-b22d-424d-a101-6da4433580ee)
- (CVSS **8.1**) [[CVE-2020-35728] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/3dc110af-5bce-4750-9eba-f1b05d4f7b37)
- (CVSS **8.1**) [[CVE-2020-36180] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/95c48df9-0a14-49fa-90ee-0be064d40cd0)
- (CVSS **8.1**) [[CVE-2020-36184] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/154d2af1-83c4-420a-98e4-8121be29fde3)
- (CVSS **8.1**) [[CVE-2020-36182] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/71e6a6bc-0599-4f02-974d-9bcd7dc2f945)
- (CVSS **8.1**) [[CVE-2020-36179] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/13e0d723-8734-43b2-9303-bbe6b34073bd)
- (CVSS **8.1**) [[CVE-2020-36189] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/8e1e5c80-a79e-431d-baaf-19384a2f108a)
- (CVSS **8.1**) [[CVE-2020-35491] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/3d628ad1-1b5a-4b06-aa06-6af9c81524af)
- (CVSS **8.1**) [[CVE-2021-20190] A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the i...](https://ossindex.sonatype.org/vuln/406617d4-0d1c-4672-98c6-16c3abacb7aa)
- (CVSS **8.1**) [[CVE-2020-14062] FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/ec7df330-c447-40b7-8e5b-e8cf9ccaf554)
- (CVSS **8.1**) [[CVE-2020-36183] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/4bab2c36-6ba1-41b3-970d-281ed6087d06)
- (CVSS **8.1**) [[CVE-2020-36185] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/7a536eb6-9e19-4d39-9d33-cf8e8e785899)
- (CVSS **8.1**) [[CVE-2020-14061] FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/1d118717-b49c-40ba-acd1-4f76dbbb6388)
- (CVSS **8.1**) [[CVE-2020-35490] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/dfe89d20-b434-4f07-afec-31ae42df769f)
- (CVSS **8.1**) [[CVE-2020-36188] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/39c02e99-5f0b-407a-a3da-4f2307a7be31)
- (CVSS **8.1**) [[CVE-2020-24750] FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/ab4b2280-a9e0-469e-b3f3-69c2e45c6f41)
- (CVSS **8.1**) [[CVE-2020-24616] FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/f208f4c7-7c5f-49e1-b937-61e5d5097e14)
- (CVSS **8.1**) [[CVE-2020-36187] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/02dd8b4b-2fc2-4fca-8d07-8f7b30cab99f)
- (CVSS **8.1**) [[CVE-2020-36181] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/5c10478f-8926-428f-9d4d-f76209614971)
- (CVSS **8.1**) [[CVE-2020-14060] FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/8eb39fa0-6815-4460-9fad-5f3595149d8a)
- (CVSS **8.1**) [[CVE-2020-36186] FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/88f789db-7913-42a3-aaac-9f6e64824bb2)
- (CVSS **8.1**) [[CVE-2020-14195] FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/8a0d6ade-00da-494d-b675-d15fa32b71a6)
- (CVSS **7.5**) [[CVE-2020-25649] A flaw was found in FasterXML Jackson Databind, where it did not have entity exp...](https://ossindex.sonatype.org/vuln/f582b4ea-ef28-4d6e-93ad-15034025df21)
- (CVSS **7.5**) [[CVE-2019-14439] A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x befo...](https://ossindex.sonatype.org/vuln/ac9dce23-7b35-4691-b05e-a68f58d48b8c)
- (CVSS **5.9**) [[CVE-2019-12814]  Information Exposure](https://ossindex.sonatype.org/vuln/3e008100-e0d4-45bf-afd2-9d5e9b13efa7)
- (CVSS **5.9**) [[CVE-2019-12384]  Deserialization of Untrusted Data](https://ossindex.sonatype.org/vuln/33d59f1d-83ff-4527-9707-c3f1507b6125)

<hr />

**Occurrences**

com.fasterxml.jackson.core:jackson-databind:2.9.9 is a transitive dependency introduced by the following direct dependency(s):

• **[com.amazonaws:aws-java-sdk-dynamodb:1.11.899](https://ossindex.sonatype.org/component/pkg:maven/com.amazonaws/aws-java-sdk-dynamodb@1.11.899)**
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;└─ [com.amazonaws:aws-java-sdk-core:1.11.899](https://ossindex.sonatype.org/component/pkg:maven/com.amazonaws/aws-java-sdk-core@1.11.899)
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;└─ [com.fasterxml.jackson.core:jackson-databind:2.9.9](https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.9)

<sub>This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for [personal](https://help.github.com/articles/managing-your-personal-account-s-apps/) and [organization](https://help.github.com/articles/managing-your-organization-s-apps/) accounts. Please submit questions or feedback about DepShield to the [Sonatype DepShield Community](https://community.sonatype.com/c/depshield).</sub>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[DepShield] (CVSS 9.8) Vulnerability due to usage of com.fasterxml.jackson.core:jackson-databind:2.9.9 #10

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[DepShield] (CVSS 9.8) Vulnerability due to usage of com.fasterxml.jackson.core:jackson-databind:2.9.9 #10

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions