Lucene search
+L

198 matches found

RedHat Linux
RedHat Linux
added yesterday6 views

Important: Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.5AI score0.00695EPSS
Exploits1References3
NVD
NVD
added 3 days ago3 views

CVE-2026-59889

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.18.0 until 2.18.9, 2.21.5, 2.22.1, 3.1.5, and 3.2.1, UnwrappedPropertyHandler.processUnwrapped replays buffered JSON for a @JsonUnwrapped property and calls...

6.5CVSS0.00416EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-58288

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.15.0 through 2.18.7 jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.1.0 through 3.1.3 Description Java Records using a PropertyNamingStrategy can bypass the @JsonIgnore annotation. This...

6.5CVSS6.1AI score0.00247EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/08 4:15 p.m.4 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Jackson Data Binding, Micrometer, Keycloak Policy Enforcer, Apache CXF Vulnerability Details CVEID:CVE-2026-40983 DESCRIPTION: In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cau...

8.1CVSS5.9AI score0.00695EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/06/23 10:16 p.m.10 views

CVE-2026-54518

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults...

6.5CVSS0.00211EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/23 9:24 p.m.7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the POJOPropertiesCollector.renameProperties and BeanDeserializerFactory.addBeanProps methods, which rename rather than drop a property whose getter carri...

6.9CVSS6AI score0.00282EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 9:22 p.m.10 views

GHSA-HGJ6-7826-R7M5 jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)

Summary JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an InetSocketAddress field issues an...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/23 9:2 p.m.8 views

CVE-2026-54518

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults...

6.5CVSS5.9AI score0.00211EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/23 8:53 p.m.11 views

CVE-2026-54513

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...

8.1CVSS5.8AI score0.00695EPSS
Exploits0
EUVD
EUVD
added 2026/06/23 8:50 p.m.9 views

EUVD-2026-38591

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:48 p.m.6 views

CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/23 8:48 p.m.12 views

EUVD-2026-38590

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/11 5:2 a.m.11 views

CVE-2026-40985 Data Binding Vulnerability in Spring Web Flow with Unified EL Parser

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

6.4CVSS5.5AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 5:2 a.m.29 views

CVE-2026-40985 Data Binding Vulnerability in Spring Web Flow with Unified EL Parser

Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...

6.4CVSS0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:2 a.m.34 views

CVE-2026-40985

CVE-2026-40985 affects Spring Web Flow where configurations use the WebFlowELExpressionParser. The vulnerability arises from processing Unified EL expressions, allowing a crafted expression to influence behavior. Affected versions are Spring Web Flow 4.0.0; 3.0.0–3.0.1; and 2.5.0–2.5.1. The conne...

6.4CVSS5.5AI score0.00225EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 1:13 a.m.8 views

Denial of Service (DoS)

Overview org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds. Affected versions of this package are vulnerable to Denial of Service DoS via data binding. An attacker can exhaust system memory resources by...

8.2CVSS5.6AI score0.00331EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.10 views

cve-2026-40985 - MEDIUM - Data Binding Vulnerability in Spring Web Flow with Unified EL Parser

cve-2026-40985 - MEDIUM - Data Binding Vulnerability in Spring Web Flow with Unified EL Parser...

6.4CVSS6.1AI score0.00225EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/09 11:48 p.m.43 views

CVE-2026-41721 Spring Data Commons Denial of Service via Data Binding

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...

5.9CVSS0.00331EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:48 p.m.4 views

CVE-2026-41721 Spring Data Commons Denial of Service via Data Binding

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...

5.9CVSS5.8AI score0.00331EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:48 p.m.9 views

CVE-2026-41721 Spring Data Commons Denial of Service via Data Binding

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...

5.9CVSS5.4AI score0.00331EPSS
Exploits0References1
Rows per page
Query Builder