Lucene search
K

7 matches found

Veracode
Veracode
added 2026/06/26 9:30 a.m.7 views

Server-Side Request Forgery

jackson-databind is vulnerable to server-side request forgery SSRF. The vulnerability is due to eager DNS resolution during InetSocketAddress deserialization, where untrusted hostnames are resolved before application-level validation, allowing attackers to trigger arbitrary DNS requests by...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-54514

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4,...

5.3CVSS6.2AI score0.00219EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/23 9:22 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the JDKFromStringDeserializer class, which constructs InetSocketAddress and resolves the hostname through DNS at deserialization time. An attacker can force the server to issue outbound DNS lookups fo...

6.9CVSS5.8AI score0.00219EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/23 9:22 p.m.9 views

jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)

Summary JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an InetSocketAddress field issues an...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2026/06/23 8:51 p.m.30 views

CVE-2026-54514 jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS0.00219EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2013/02/08 7:6 p.m.6 views

OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information...

5CVSS7.4AI score0.04875EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/02/04 11:50 p.m.8 views

OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information...

5CVSS7.4AI score0.04875EPSS
Exploits0References5
Rows per page
Query Builder