CVE-2020-36518

jackson-databind: denial of service via a large depth of nested objects

  • Severity Score: 7.5 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

jackson-databind versions before 2.13.0 allow a Java StackOverflow exception and a denial of service via a large depth of nested objects.

A flaw was found in the Jackson Databind package. The issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-03-11 CVE Reserved
  • 2022-03-11 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-10-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-400: Uncontrolled Resource Consumption
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Fasterxml | Jackson-databind | < 2.12.6.1 | - | Affected
Fasterxml | Jackson-databind | >= 2.13.0 < 2.13.2.1 | - | Affected
Oracle | Big Data Spatial And Graph | < 23.1 | - | Affected
Oracle | Coherence | 14.1.1.0.0 | - | Affected
Oracle | Commerce Platform | 11.3.0 | - | Affected
Oracle | Commerce Platform | 11.3.1 | - | Affected
Oracle | Commerce Platform | 11.3.2 | - | Affected
Oracle | Communications Billing And Revenue Management | >= 12.0.0.4.0 <= 12.0.0.6.0 | - | Affected
Oracle | Communications Cloud Native Core Binding Support Function | 22.1.3 | - | Affected
Oracle | Communications Cloud Native Core Console | 1.9.0 | - | Affected
Oracle | Communications Cloud Native Core Network Repository Function | 22.1.2 | - | Affected
Oracle | Communications Cloud Native Core Network Repository Function | 22.2.0 | - | Affected
Oracle | Communications Cloud Native Core Network Slice Selection Function | 22.1.0 | - | Affected
Oracle | Communications Cloud Native Core Network Slice Selection Function | 22.1.1 | - | Affected
Oracle | Communications Cloud Native Core Security Edge Protection Proxy | 22.1.1 | - | Affected
Oracle | Communications Cloud Native Core Service Communication Proxy | 22.2.0 | - | Affected
Oracle | Communications Cloud Native Core Unified Data Repository | 22.2.0 | - | Affected
Oracle | Financial Services Analytical Applications Infrastructure | >= 8.0.7 <= 8.1.0.0 | - | Affected
Oracle | Financial Services Analytical Applications Infrastructure | 8.1.1.0 | - | Affected
Oracle | Financial Services Analytical Applications Infrastructure | 8.1.2.0 | - | Affected
Oracle | Financial Services Analytical Applications Infrastructure | 8.1.2.1 | - | Affected
Oracle | Financial Services Behavior Detection Platform | >= 8.1.1.0 <= 8.1.2.1 | - | Affected
Oracle | Financial Services Behavior Detection Platform | 8.0.7.0.0 | - | Affected
Oracle | Financial Services Behavior Detection Platform | 8.0.8 | - | Affected
Oracle | Financial Services Crime And Compliance Management Studio | 8.0.8.2.0 | - | Affected
Oracle | Financial Services Crime And Compliance Management Studio | 8.0.8.3.0 | - | Affected
Oracle | Financial Services Enterprise Case Management | >= 8.1.1.0 <= 8.1.2.1 | - | Affected
Oracle | Financial Services Enterprise Case Management | 8.0.7.1 | - | Affected
Oracle | Financial Services Enterprise Case Management | 8.0.7.2 | - | Affected
Oracle | Financial Services Enterprise Case Management | 8.0.8.0 | - | Affected
Oracle | Financial Services Enterprise Case Management | 8.0.8.1 | - | Affected
Oracle | Financial Services Trade-based Anti Money Laundering | 8.0.7 | enterprise | Affected
Oracle | Financial Services Trade-based Anti Money Laundering | 8.0.8 | enterprise | Affected
Oracle | Global Lifecycle Management Nextgen Oui Framework | < 13.9.4.2.2 | - | Affected
Oracle | Global Lifecycle Management Nextgen Oui Framework | 13.9.4.2.2 | - | Affected
Oracle | Global Lifecycle Management Opatch | < 12.2.0.1.30 | - | Affected
Oracle | Graph Server And Client | < 22.2.0 | - | Affected
Oracle | Health Sciences Empirica Signal | 9.1.0.5.2 | - | Affected
Oracle | Peoplesoft Enterprise Peopletools | 8.58 | - | Affected
Oracle | Peoplesoft Enterprise Peopletools | 8.59 | - | Affected
Oracle | Primavera Gateway | >= 17.12.0 <= 17.12.11 | - | Affected
Oracle | Primavera Gateway | >= 18.8.0 <= 18.8.14 | - | Affected
Oracle | Primavera Gateway | >= 19.12.0 <= 19.12.13 | - | Affected
Oracle | Primavera Gateway | >= 20.12.0 <= 20.12.18 | - | Affected
Oracle | Primavera Gateway | >= 21.12.0 <= 21.12.1 | - | Affected
Oracle | Primavera P6 Enterprise Project Portfolio Management | >= 17.12.0.0 <= 17.12.20.4 | - | Affected
Oracle | Primavera P6 Enterprise Project Portfolio Management | >= 18.8.0.0 <= 18.8.25.4 | - | Affected
Oracle | Primavera P6 Enterprise Project Portfolio Management | >= 19.12.0 <= 19.12.19.0 | - | Affected
Oracle | Primavera P6 Enterprise Project Portfolio Management | >= 20.12.0.0 <= 21.12.4.0 | - | Affected
Oracle | Primavera Unifier | >= 17.0 <= 17.12 | - | Affected
Oracle | Primavera Unifier | 18.0 | - | Affected
Oracle | Primavera Unifier | 19.12 | - | Affected
Oracle | Primavera Unifier | 20.12 | - | Affected
Oracle | Primavera Unifier | 21.12 | - | Affected
Oracle | Retail Sales Audit | 15.0.3.1 | - | Affected
Oracle | Sd-wan Edge | 9.0 | - | Affected
Oracle | Sd-wan Edge | 9.1 | - | Affected
Oracle | Spatial Studio | < 20.1.0 | - | Affected
Oracle | Utilities Framework | 4.3.0.5.0 | - | Affected
Oracle | Utilities Framework | 4.3.0.6.0 | - | Affected
Oracle | Utilities Framework | 4.4.0.0.0 | - | Affected
Oracle | Utilities Framework | 4.4.0.2.0 | - | Affected
Oracle | Utilities Framework | 4.4.0.3.0 | - | Affected
Oracle | Utilities Framework | 4.4.0.5.0 | - | Affected
Oracle | Weblogic Server | 12.2.1.3.0 | - | Affected
Oracle | Weblogic Server | 12.2.1.4.0 | - | Affected
Oracle | Weblogic Server | 14.1.1.0.0 | - | Affected
Debian | Debian Linux | 9.0 | - | Affected
Debian | Debian Linux | 10.0 | - | Affected
Debian | Debian Linux | 11.0 | - | Affected
Netapp | Active Iq Unified Manager | - | linux | Affected
Netapp | Active Iq Unified Manager | - | vmware_vsphere | Affected
Netapp | Active Iq Unified Manager | - | windows | Affected
Netapp | Cloud Insights Acquisition Unit | - | - | Affected
Netapp | Oncommand Insight | - | - | Affected
Netapp | Oncommand Workflow Automation | - | - | Affected
Netapp | Snap Creator Framework | - | - | Affected