
40 matches found

Vulnrichment
added 2026/06/09 3:57 a.m., 8 views

CVE-2026-41006 Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration

Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3...

CVSS 7.5, AI score 5.4, EPSS 0.00276
Exploits: 0, References: 1

CNNVD
added 2026/06/09 12:0 a.m., 16 views

VMware Spring HATEOAS Access Control Error Vulnerability

VMware Spring HATEOAS is a REST API hypermedia development framework provided by the American company VMware. Vulnerabilities in access control exist in versions 1.5.0 to 1.5.6, 2.3.0 to 2.3.4, 2.4.0 to 2.4.1, 2.5.0 to 2.5.2, and 3.0.0 to 3.0.3 of VMware Spring HATEOAS. This vulnerability stems...

CVSS 7.5, AI score 5.3, EPSS 0.00276
Exploits: 0, References: 1

Snyk
added 2026/06/02 12:0 a.m., 5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via reflective property binding in PropertyUtils.createObjectFromProperties. An attacker can modify security-sensitive object properties by supplying crafted...

CVSS 8.3, AI score 5.5, EPSS 0.00276
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/13 12:0 a.m., 5 views

MiracleLinux 9 : jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base (AXSA:2025-10737:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10737:01 advisory. com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError CVE-2025-52999 Tenable has extracted the preceding description block...

CVSS 8.7, AI score 7, EPSS 0.00634
Exploits: 0, References: 2

OSV
added 2025/12/04 11:17 a.m., 4 views

CLSA-2025-1764847045 jackson-annotations: Fix of CVE-2025-52999

Rebuilt with the CVE-2025-52999: fixed jackson-core version - Fixed build: removed unavailable jackson-parent dependencies...

CVSS 8.7, AI score 6.8, EPSS 0.00634
Exploits: 0, References: 1

OSV
added 2025/10/18 8:6 a.m., 4 views

RLSA-2025:12280 Important: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update

Core part of Jackson that defines Streaming API as well as basic shared abstractions. Security Fixes: com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError CVE-2025-52999 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

CVSS 7.5, AI score 6.9, EPSS 0.00634
Exploits: 0, References: 2

Tenable Nessus
added 2025/10/18 12:0 a.m., 2 views

RockyLinux 9 : jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base (RLSA-2025:12280)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:12280 advisory. com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError CVE-2025-52999 Tenable has extracted the preceding description block directly...

CVSS 8.7, AI score 7.1, EPSS 0.00634
Exploits: 0, References: 3

OSV
added 2025/07/31 10:9 a.m., 3 views

RHSA-2025:12283 Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update

Bulletin has no description...

CVSS 7.5, AI score 5.9, EPSS 0.00634
Exploits: 0, References: 9

Tenable Nessus
added 2025/07/31 12:0 a.m., 3 views

Oracle Linux 9 : jackson-annotations, / jackson-core, / jackson-databind, / jackson-jaxrs-providers, / and / jackson-modules-base (ELSA-2025-12280)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-12280 advisory. jackson-annotations 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-100233 jackson-core 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-103636...

CVSS 8.7, AI score 7.1, EPSS 0.00634
Exploits: 0, References: 2

OSV
added 2025/07/30 10:3 a.m., 4 views

RHSA-2025:12281 Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update

Bulletin has no description...

CVSS 7.5, AI score 5.9, EPSS 0.00634
Exploits: 0, References: 9

RedHat Linux
added 2025/07/30 9:45 a.m., 5 views

Important: Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update

An update for jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Comm...

CVSS 8.7, AI score 6.9, EPSS 0.00634
Exploits: 0, References: 2

OSV
added 2025/07/30 12:0 a.m., 2 views

ALSA-2025:12280 Important: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update

Core part of Jackson that defines Streaming API as well as basic shared abstractions. Security Fixes: com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError CVE-2025-52999 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

CVSS 8.7, AI score 7.1, EPSS 0.00634
Exploits: 0, References: 4

Oracle linux
added 2025/07/30 12:0 a.m., 7 views

jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update

jackson-annotations 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-100233 jackson-core 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-103636 jackson-databind 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-100233 jackson-jaxrs-providers 2.19.1-1 - Update to version 2.19.1 -...

CVSS 8.7, AI score 7.4, EPSS 0.00634
Exploits: 0

OSV
added 2024/06/15 12:0 a.m., 5 views

OPENSUSE-SU-2024:12100-1 jackson-annotations-2.13.0-3.1 on GA media

These are all security issues fixed in the jackson-annotations-2.13.0-3.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 7.8, EPSS 0.0486
Exploits: 1, References: 1

Fedora
added 2024/03/07 10:33 p.m., 21 views

[SECURITY] Fedora 40 Update: jackson-databind-2.16.1-4.fc40

The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...

CVSS 8.8, AI score 9.2, EPSS 0.02557
Exploits: 3

Fedora
added 2024/03/07 10:33 p.m., 19 views

[SECURITY] Fedora 40 Update: jackson-annotations-2.16.1-3.fc40

Core annotations used for value types, used by Jackson data-binding package...

CVSS 8.8, AI score 6.9, EPSS 0.02557
Exploits: 3

Oracle linux
added 2023/05/15 12:0 a.m., 59 views

jackson security update

jackson-annotations 2.14.1-1 - Update to version 2.14.1 - Resolves: 2070122 jackson-core 2.14.1-1 - Update to version 2.14.1 - Resolves: 2070122 jackson-databind 2.14.1-1 - Update to version 2.14.1 - Resolves: 2070122 jackson-jaxrs-providers 2.14.1-1 - Update to version 2.14.1 - Resolves: 2070122...

CVSS 7.5, AI score 7.1, EPSS 0.0486
Exploits: 1

Tenable Nessus
added 2022/05/17 12:0 a.m., 86 views

SUSE SLED15 / SLES15 Security Update : jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (SUSE-SU-2022:1678-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1678-1 advisory. - A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Thi...

CVSS 7.5, AI score 7.2, EPSS 0.17611
Exploits: 1, References: 10

OpenVAS
added 2022/05/17 12:0 a.m., 35 views

SUSE: Security Advisory (SUSE-SU-2022:1678-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.6, EPSS 0.17611
Exploits: 1, References: 7

OpenVAS
added 2022/05/17 12:0 a.m., 30 views

openSUSE: Security Advisory for jackson-databind, (SUSE-SU-2022:1678-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5, AI score 7.8, EPSS 0.17611
Exploits: 1, References: 2