CVEFinder.io

CVE-2020-36518

⚠️ high
Summary

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

CVSS Score
7.5
High
EPSS Score
0.5
Exploit Probability
Published Date
2022-03-11
First Seen: 2026-01-05
Last Modified 2025-08-27
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-787

🔗 References 14

https://github.com/FasterXML/jackson-databind/issues...
Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/05...
Exploit Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11...
Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20220506-0...
Third Party Advisory
https://www.debian.org/security/2022/dsa-5283
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues...
Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/05...
Exploit Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/11...
Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20220506-0...
Third Party Advisory
https://www.debian.org/security/2022/dsa-5283
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Third Party Advisory

📦 Affected Products 75

Vendor Product Status Affected Versions
debian debian_linux Affected
v10.0
debian debian_linux Affected
v11.0
debian debian_linux Affected
v9.0
oracle peoplesoft_enterprise_peopletools Affected
v8.58
oracle peoplesoft_enterprise_peopletools Affected
v8.59
oracle weblogic_server Affected
v12.2.1.3.0
oracle weblogic_server Affected
v12.2.1.4.0
oracle weblogic_server Affected
v14.1.1.0.0
oracle commerce_platform Affected
v11.3.0
oracle commerce_platform Affected
v11.3.1
oracle commerce_platform Affected
v11.3.2
oracle primavera_p6_enterprise_project_portfolio_management Affected
≥ 17.12.0.0 ≤ 17.12.20.4
oracle primavera_p6_enterprise_project_portfolio_management Affected
≥ 18.8.0.0 ≤ 18.8.25.4
oracle primavera_p6_enterprise_project_portfolio_management Affected
≥ 19.12.0 ≤ 19.12.19.0
oracle primavera_p6_enterprise_project_portfolio_management Affected
≥ 20.12.0.0 ≤ 21.12.4.0
netapp snap_creator_framework Affected
v-
netapp oncommand_workflow_automation Affected
v-
oracle financial_services_analytical_applications_infrastructure Affected
≥ 8.0.7 ≤ 8.1.0.0
oracle financial_services_analytical_applications_infrastructure Affected
v8.1.1.0
oracle financial_services_analytical_applications_infrastructure Affected
v8.1.2.0
oracle financial_services_analytical_applications_infrastructure Affected
v8.1.2.1
fasterxml jackson-databind Affected
< 2.12.6.1
fasterxml jackson-databind Affected
≥ 2.13.0 < 2.13.2.1
netapp oncommand_insight Affected
v-
oracle utilities_framework Affected
v4.3.0.5.0
oracle utilities_framework Affected
v4.3.0.6.0
oracle utilities_framework Affected
v4.4.0.0.0
oracle utilities_framework Affected
v4.4.0.2.0
oracle utilities_framework Affected
v4.4.0.3.0
oracle utilities_framework Affected
v4.4.0.5.0
oracle primavera_gateway Affected
≥ 17.12.0 ≤ 17.12.11
oracle primavera_gateway Affected
≥ 18.8.0 ≤ 18.8.14
oracle primavera_gateway Affected
≥ 19.12.0 ≤ 19.12.13
oracle primavera_gateway Affected
≥ 20.12.0 ≤ 20.12.18
oracle primavera_gateway Affected
≥ 21.12.0 ≤ 21.12.1
oracle primavera_unifier Affected
≥ 17.0 ≤ 17.12
oracle primavera_unifier Affected
v18.0
oracle primavera_unifier Affected
v19.12
oracle primavera_unifier Affected
v20.12
oracle primavera_unifier Affected
v21.12
oracle retail_sales_audit Affected
v15.0.3.1
netapp active_iq_unified_manager Affected
v-
oracle coherence Affected
v14.1.1.0.0
oracle sd-wan_edge Affected
v9.0
oracle sd-wan_edge Affected
v9.1
oracle communications_billing_and_revenue_management Affected
≥ 12.0.0.4.0 ≤ 12.0.0.6.0
oracle health_sciences_empirica_signal Affected
v9.1.0.5.2
oracle global_lifecycle_management_nextgen_oui_framework Affected
< 13.9.4.2.2
oracle global_lifecycle_management_nextgen_oui_framework Affected
v13.9.4.2.2
oracle financial_services_behavior_detection_platform Affected
≥ 8.1.1.0 ≤ 8.1.2.1
oracle financial_services_behavior_detection_platform Affected
v8.0.7.0.0
oracle financial_services_behavior_detection_platform Affected
v8.0.8
oracle global_lifecycle_management_opatch Affected
< 12.2.0.1.30
oracle communications_cloud_native_core_unified_data_repository Affected
v22.2.0
oracle communications_cloud_native_core_network_slice_selection_function Affected
v22.1.0
oracle communications_cloud_native_core_network_slice_selection_function Affected
v22.1.1
oracle communications_cloud_native_core_console Affected
v1.9.0
oracle spatial_studio Affected
< 20.1.0
oracle financial_services_enterprise_case_management Affected
≥ 8.1.1.0 ≤ 8.1.2.1
oracle financial_services_enterprise_case_management Affected
v8.0.7.1
oracle financial_services_enterprise_case_management Affected
v8.0.7.2
oracle financial_services_enterprise_case_management Affected
v8.0.8.0
oracle financial_services_enterprise_case_management Affected
v8.0.8.1
oracle communications_cloud_native_core_security_edge_protection_proxy Affected
v22.1.1
oracle communications_cloud_native_core_network_repository_function Affected
v22.1.2
oracle communications_cloud_native_core_network_repository_function Affected
v22.2.0
oracle graph_server_and_client Affected
< 22.2.0
netapp cloud_insights_acquisition_unit Affected
v-
oracle communications_cloud_native_core_binding_support_function Affected
v22.1.3
oracle communications_cloud_native_core_service_communication_proxy Affected
v22.2.0
oracle big_data_spatial_and_graph Affected
< 23.1
oracle financial_services_trade-based_anti_money_laundering Affected
v8.0.7
oracle financial_services_trade-based_anti_money_laundering Affected
v8.0.8
oracle financial_services_crime_and_compliance_management_studio Affected
v8.0.8.2.0
oracle financial_services_crime_and_compliance_management_studio Affected
v8.0.8.3.0

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-68670 ⛔ critical 9.1 0.3 xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerabi... 2026-01-27
CVE-2026-24061 ⛔ critical 9.8 29.6 telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment ... 2026-01-21
CVE-2026-21934 🔶 medium 5.4 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Push Notifications). Su... 2026-01-20
CVE-2026-21938 🔶 medium 6.1 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported vers... 2026-01-20
CVE-2026-21951 🔶 medium 6.1 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Su... 2026-01-20
CVE-2026-21924 🔶 medium 5.4 0.0 Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General... 2026-01-20
These CVEs affect the same products