3707 matches found
ROOT-APP-MAVEN-CVE-2026-54512 CVE-2026-54512 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2026-54512 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-54513 CVE-2026-54513 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2026-54513 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2022-42003 CVE-2022-42003 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2022-42003 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2022-42004 CVE-2022-42004 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2022-42004 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core. id: CVE-2020-9548 info: name: FasterXML Jackson Databind =2.9.10.4 - Remote Code Execution author: tomaquet18...
FasterXML jackson-databind - Deserialization Remote Code Execution
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap. This vulnerability allows attackers to execute arbitrary code through deserialization of...
ROOT-APP-MAVEN-GHSA-72HV-8253-57QQ GHSA-72hv-8253-57qq in io.root.com.fasterxml.jackson.core:jackson-core - Patched by Root
Root has patched GHSA-72hv-8253-57qq in the io.root.com.fasterxml.jackson.core:jackson-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-52999 CVE-2025-52999 in io.root.com.fasterxml.jackson.core:jackson-core - Patched by Root
Root has patched CVE-2025-52999 in the io.root.com.fasterxml.jackson.core:jackson-core package for Root:Maven. Multiple fixed versions available...
WordPress ThumbPress plugin <= 6.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin ThumbPress versions = 6.3.2...
ROOT-APP-MAVEN-CVE-2020-25649 CVE-2020-25649 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2020-25649 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2020-36518 CVE-2020-36518 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2020-36518 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2021-46877 CVE-2021-46877 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root
Root has patched CVE-2021-46877 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...
CVE-2026-50193
A flaw was found in jackson-databind, a general-purpose data-binding library for Jackson Data Processor. A remote attacker can exploit this vulnerability by sending deeply nested JSON JavaScript Object Notation data to a service that reads and processes it. This can lead to a Denial of Service Do...
CVE-2026-54516
A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security controls by exploiting an issue in how properties are handled when both @JsonProperty for renaming and @JsonIgnore for ignoring annotations are used. By supplying a specially crafted JSON key, an...
CVE-2026-54517
A flaw was found in jackson-databind. A remote attacker can exploit this vulnerability due to an issue in how active-view @JsonView filters are applied. Specifically, setterless collections annotated with a restricted @JsonView can be populated from attacker-controlled JSON even when the active...
CVE-2026-54518
A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security view restrictions by sending specially crafted JSON JavaScript Object Notation data. The UnwrappedPropertyHandler component, which processes unwrapped properties, incorrectly populates constructor...
CVE-2026-54514
A flaw was found in jackson-databind, a library used for processing JSON data. This vulnerability allows a remote attacker to force the application to perform an attacker-chosen DNS Domain Name System query. This occurs when untrusted JSON input containing specific network address information is...
CVE-2026-54512
A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass the PolymorphicTypeValidator PTV when polymorphic typing is enabled and a type identifier contains generic parameters. By crafting a malicious type ID, an attacker can place a denied class as a generic typ...
CVE-2026-54515
A flaw was found in jackson-databind. This vulnerability occurs in the data-binding functionality where properties intended to be ignored are incorrectly restored and become writable again. An attacker could potentially exploit this by providing input that modifies data through these supposedly...
Server-Side Request Forgery
jackson-databind is vulnerable to server-side request forgery SSRF. The vulnerability is due to eager DNS resolution during InetSocketAddress deserialization, where untrusted hostnames are resolved before application-level validation, allowing attackers to trigger arbitrary DNS requests by...