32 matches found
SUSE CVE-2026-54515
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...
CVE-2026-54515
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...
UBUNTU-CVE-2026-54515
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...
CVE-2026-54515
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...
CVE-2026-54515
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...
CVE-2026-54516
The CVE-2026-54516 vulnerability affects jackson-databind where, from 2.21.0 through 2.21.4 and in 3.1.4, POJOPropertiesCollector._renameProperties() can rename a property annotated with @JsonProperty("renamed") on the getter while the setter is annotated with @JsonIgnore. When MapperFeature.INFE...
PT-2026-51599
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description An issue exists in the POJOPropertiesCollector. renameProperties function where a property with @JsonProperty"renamed" on the getter and...
PT-2026-51600
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description In the BeanDeserializer. deserializeUsingPropertyBased function, the active-view @JsonView filter was applied only to creator properties,...
Astra Linux – Vulnerability in Jackson-Databind
In FasterXML Jackson-Databind before version 2.13.4, resource exhaustion can occur due to the lack of a check in BeanDeserializer.deserializeFromArray, which prevents the use of deeply nested arrays. An application becomes vulnerable only with certain customized choices for deserialization...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
jackson-databind: use of deeply nested arrays
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...
SUSE CVE-2022-42004
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...