CVE-2018-14721 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.8.9

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/CVE-2018-14721) about CVE-2018-14721
**Checkmarx Project:** [margaritalm/BookStore\_Small\_CLI\_small](https://eu.ast.checkmarx.net/projects/10208537-12a5-4bf8-824a-81a62121b508/overview?branch=master)
**Repository URL:** [https://github.com/margaritalm/BookStore\_Small\_CLI\_small](https://github.com/margaritalm/BookStore_Small_CLI_small)
**Branch:** master
**Scan ID:** [79dde67e\-447e\-480d\-9f9e\-f0bfb2e3e6f8](https://eu.ast.checkmarx.net/projects/10208537-12a5-4bf8-824a-81a62121b508/scans?id=79dde67e-447e-480d-9f9e-f0bfb2e3e6f8&branch=master)


----
FasterXML jackson-databind before 2.6.7.2, 2.7.x before 2.7.9.5, 2.8.x before 2.8.11.3
and 2.9.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.





----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** HIGH
**Availability impact:** HIGH
**Remediation Upgrade Recommendation:** 2.8.11.3-redhat-00001


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2018-14721 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.8.9 #90

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2018-14721 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.8.9 #90

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions