Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added last week11 views

CVE-2026-54512

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass the PolymorphicTypeValidator PTV when polymorphic typing is enabled and a type identifier contains generic parameters. By crafting a malicious type ID, an attacker can place a denied class as a generic typ...

8.1CVSS5.9AI score0.00617EPSS
Exploits1References6
NVD
NVD
added 2026/06/23 9:17 p.m.12 views

CVE-2026-54512

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

8.1CVSS0.00617EPSS
Exploits1References3
OSV
OSV
added 2026/06/23 9:17 p.m.5 views

DEBIAN-CVE-2026-54512

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

8.1CVSS5.8AI score0.00617EPSS
Exploits1References1
OSV
OSV
added 2026/06/23 9:17 p.m.4 views

UBUNTU-CVE-2026-54512

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

8.1CVSS5.8AI score0.00617EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/06/23 8:56 p.m.30 views

CVE-2026-54512 jackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiation

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

8.1CVSS0.00617EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/23 8:56 p.m.7 views

EUVD-2026-38595

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

8.1CVSS5.8AI score0.00617EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/08/08 5:11 a.m.42 views

CVE-2020-36469

An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally...

5.7AI score0.00978EPSS
Exploits1References2
Rows per page
Query Builder