7 matches found
GHSA-HGJ6-7826-R7M5 jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)
Summary JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an InetSocketAddress field issues an...
CVE-2026-54516
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...
Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics - Log Analysis
Summary There are multiple vulnerabilities in various versions of Data-Binding functionality for Jackson that affect IBM Operations Analytics - Log Analysis. It has been fixed. The vulnerabilities are listed in the Vulnerability Details section below. Vulnerability Details CVEID:CVE-2020-25649...
Unspecified vulnerability in FasterXML jackson-databind (CNVD-2021-03346)
FasterXML jackson-databind is a generic data binding package for Jackson 2.x. A security vulnerability exists in FasterXML jackson-databind. No details of the vulnerability are provided at this time...
[SECURITY] Fedora 31 Update: jackson-annotations-2.10.0-1.fc31
Core annotations used for value types, used by Jackson data-binding package...
DEBIAN-CVE-2019-17531
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...
[SECURITY] Fedora 30 Update: jackson-annotations-2.9.9-1.fc30
Core annotations used for value types, used by Jackson data-binding package...