Is CVE-2020-36518 actively exploited?

CVE-2020-36518 has no public evidence of in-the-wild exploitation as of 2025-08-27.

What is the CVSS score for CVE-2020-36518?

CVE-2020-36518 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2020-36518?

Patch guidance is available from fasterxml security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-36518.

Fix CVE-2020-36518 - HIGH fasterxml jackson-databind

Q: Which products are affected by CVE-2020-36518?

77 products: fasterxml jackson-databind, fasterxml jackson-databind, oracle big data spatial and graph, oracle coherence, oracle commerce platform, and 72 more.

Description

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-787 · Out-of-bounds Write CWE-787 · Out-of-bounds Write

Metadata

Primary Vendor: FASTERXML
Published: 3/11/2022
Last Modified: 8/27/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

fasterxml : jackson-databindfasterxml : jackson-databindoracle : big_data_spatial_and_graphoracle : coherenceoracle : commerce_platformoracle : commerce_platformoracle : commerce_platformoracle : communications_billing_and_revenue_managementoracle : communications_cloud_native_core_binding_support_functionoracle : communications_cloud_native_core_consoleoracle : communications_cloud_native_core_network_repository_functionoracle : communications_cloud_native_core_network_repository_functionoracle : communications_cloud_native_core_network_slice_selection_functionoracle : communications_cloud_native_core_network_slice_selection_functionoracle : communications_cloud_native_core_security_edge_protection_proxyoracle : communications_cloud_native_core_service_communication_proxyoracle : communications_cloud_native_core_unified_data_repositoryoracle : financial_services_analytical_applications_infrastructureoracle : financial_services_analytical_applications_infrastructureoracle : financial_services_analytical_applications_infrastructureoracle : financial_services_analytical_applications_infrastructureoracle : financial_services_behavior_detection_platformoracle : financial_services_behavior_detection_platformoracle : financial_services_behavior_detection_platformoracle : financial_services_crime_and_compliance_management_studiooracle : financial_services_crime_and_compliance_management_studiooracle : financial_services_enterprise_case_managementoracle : financial_services_enterprise_case_managementoracle : financial_services_enterprise_case_managementoracle : financial_services_enterprise_case_managementoracle : financial_services_enterprise_case_managementoracle : financial_services_trade-based_anti_money_launderingoracle : financial_services_trade-based_anti_money_launderingoracle : global_lifecycle_management_nextgen_oui_frameworkoracle : global_lifecycle_management_nextgen_oui_frameworkoracle : global_lifecycle_management_opatchoracle : graph_server_and_clientoracle : health_sciences_empirica_signaloracle : peoplesoft_enterprise_peopletoolsoracle : peoplesoft_enterprise_peopletoolsoracle : primavera_gatewayoracle : primavera_gatewayoracle : primavera_gatewayoracle : primavera_gatewayoracle : primavera_gatewayoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifieroracle : primavera_unifieroracle : retail_sales_auditoracle : sd-wan_edgeoracle : sd-wan_edgeoracle : spatial_studiooracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : weblogic_serveroracle : weblogic_serveroracle : weblogic_serverdebian : debian_linuxdebian : debian_linuxdebian : debian_linuxnetapp : active_iq_unified_managernetapp : active_iq_unified_managernetapp : active_iq_unified_managernetapp : cloud_insights_acquisition_unitnetapp : oncommand_insightnetapp : oncommand_workflow_automationnetapp : snap_creator_framework

Remediation Guidance

Executive Summary

View on NIST NVD