CVE-2020-36518

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-36518

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36518.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36518

Aliases

GHSA-57j2-w4cx-62h2

Downstream

DEBIAN-CVE-2020-36518

DLA-2990-1

DLA-3207-1

DSA-5283-1

OESA-2023-1921

OESA-2023-1971

RHSA-2022:4918

RHSA-2022:4919

RHSA-2022:6782

RHSA-2022:6783

RHSA-2022:7409

RHSA-2022:7410

RHSA-2022:7411

RHSA-2023:2312

RHSA-2024:3061

RHSA-2025:9582

RHSA-2025:9583

RLSA-2024:3061

SUSE-SU-2022:1678-1

UBUNTU-CVE-2020-36518

openSUSE-SU-2024:12096-1

openSUSE-SU-2024:12100-1

openSUSE-SU-2024:12101-1

Related

Published

2022-03-11T07:15:07.800Z

Modified

2026-02-05T05:29:12.350698Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

References

Affected packages

Git / github.com/fasterxml/jackson-databind

Affected ranges

Type: GIT
Repo: https://github.com/fasterxml/jackson-databind
Events: Introduced

70c5dfbd52410d99d36181072711125ac5240a15

Fixed

bdf6441dac25e2908b642100a588656da57b4077

Fixed

f758e50f0ecb7c24d91f66beda42d259a1e2c4a4

Affected versions

jackson-databind-2.*

jackson-databind-2.12.6

jackson-databind-2.13.0

jackson-databind-2.13.1

jackson-databind-2.13.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36518.json"