It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2018-11307, CVE-2019-12086, CVE-2019-12814)
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code or other unspecified impact. (CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362, CVE-2019-12384, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-20330, CVE-2020-10672, CVE-2020-10673, CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548)
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute XML entity (XXE) attacks. (CVE-2018-14720)
It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute server-side request forgery (SSRF). (CVE-2018-14721)