VDB

CVE-2018-19361

CVE-2018-19361 PUBLISHED

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

EPSS 2.50% · 85.6th percentile

Risk Scores

EPSS Score
2.50%
85.6th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:14.04:LTSjackson-databind2.2.2-1, 2.2.2-1ubuntu0.1~esm1, 0
Ubuntu:Pro:16.04:LTSjackson-databind0, 2.4.2-3ubuntu0.1~esm1, 2.4.2-2

Timeline

  • Jan 2, 2019 CVE Published
  • Sep 17, 2019 CVE Updated
  • Apr 14, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 25, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • Mar 31, 2025 EPSS Score
  • Apr 3, 2025 EPSS Score
  • Apr 7, 2025 EPSS Score
  • Apr 8, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›