Lucene search
K

7 matches found

OSV
OSV
added 2026/06/23 9:22 p.m.8 views

GHSA-HGJ6-7826-R7M5 jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)

Summary JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an InetSocketAddress field issues an...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:48 p.m.6 views

CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/22 8:8 a.m.51 views

Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics - Log Analysis

Summary There are multiple vulnerabilities in various versions of Data-Binding functionality for Jackson that affect IBM Operations Analytics - Log Analysis. It has been fixed. The vulnerabilities are listed in the Vulnerability Details section below. Vulnerability Details CVEID:CVE-2020-25649...

9.8CVSS10AI score0.45205EPSS
Exploits28Affected Software1
CNVD
CNVD
added 2021/01/07 12:0 a.m.3 views

Unspecified vulnerability in FasterXML jackson-databind (CNVD-2021-03346)

FasterXML jackson-databind is a generic data binding package for Jackson 2.x. A security vulnerability exists in FasterXML jackson-databind. No details of the vulnerability are provided at this time...

8.1CVSS9.1AI score0.05218EPSS
Exploits1References1
Fedora
Fedora
added 2019/10/26 5:30 p.m.47 views

[SECURITY] Fedora 31 Update: jackson-annotations-2.10.0-1.fc31

Core annotations used for value types, used by Jackson data-binding package...

9.8CVSS2.2AI score0.10676EPSS
Exploits1
OSV
OSV
added 2019/10/12 9:15 p.m.2 views

DEBIAN-CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

9.8CVSS8.2AI score0.05329EPSS
Exploits0References1
Fedora
Fedora
added 2019/09/22 2:26 a.m.71 views

[SECURITY] Fedora 30 Update: jackson-annotations-2.9.9-1.fc30

Core annotations used for value types, used by Jackson data-binding package...

9.8CVSS2.2AI score0.45205EPSS
Exploits4
Rows per page
Query Builder