Miggo Logo
Miggo Vulnerability Database
CVE-2018-11307

CVE-2018-11307: Deserialization of Untrusted Data in jackson-databind

9.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2018-11307
GHSA ID
GHSA-qr7j-h6gg-jmgc
EPSS Score
0.93633%
CWE
CWE-502
Published
7/16/2019
Updated
3/1/2024
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
com.fasterxml.jackson.core:jackson-databindmaven>= 2.9.0, < 2.9.62.9.6
com.fasterxml.jackson.core:jackson-databindmaven>= 2.0.0, <= 2.7.9.32.7.9.4
com.fasterxml.jackson.core:jackson-databindmaven>= 2.8.0, <= 2.8.11.12.8.11.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in **st*rXML j**kson-**t**in* *.*.* t*rou** *.*.*. Us* o* J**kson ****ult typin* *lon* wit* * *****t *l*ss *rom i**tis *llows *x*iltr*tion o* *ont*nt. *ix** in *.*.*.*, *.*.**.*, *n* *.*.*.

Reasoning

No *n*lysis *v*il**l*