7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-36518

GHSA ID

GHSA-57j2-w4cx-62h2

EPSS Score

0.64596%

CWE

CWE-787

Published

3/12/2022

Updated

3/15/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-36518

CVE-2020-36518: Deeply nested json in jackson-databind

jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-36518

GHSA ID

GHSA-57j2-w4cx-62h2

EPSS Score

0.64596%

CWE

CWE-787

Published

3/12/2022

Updated

3/15/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.fasterxml.jackson.core:jackson-databind	maven	>= 2.13.0, <= 2.13.2.0	2.13.2.1
com.fasterxml.jackson.core:jackson-databind	maven	<= 2.12.6.0	2.12.6.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

j**kson-**t**in* is * **t*-*in*in* p**k*** *or t** J**kson **t* Pro**ssor. j**kson-**t**in* *llows * J*v* st**k ov*r*low *x**ption *n* **ni*l o* s*rvi** vi* * l*r** **pt* o* n*st** o*j**ts.

Reasoning

No *n*lysis *v*il**l*

7.5

Basic Information

Concerned about an active attack path?

CVE-2020-36518: Deeply nested json in jackson-databind

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI