44 matches found
SUSE-SU-2026:2801-1 Security update for jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformats-binary, jackson-modules-base, jackson-parent
This update for jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformats-binary, jackson-modules-base, jackson-parent fixes the following issues - CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary...
OPENSUSE-SU-2026:21201-1 Security update for jackson-annotations, jackson-core, jackson-databind
This update for jackson-annotations, jackson-core, jackson-databind fixes the following issues - CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation bsc1268897. - CVE-2026-54513: jackson-databind has an array...
SUSE-SU-2026:22504-1 Security update for jackson-annotations, jackson-core, jackson-databind
This update for jackson-annotations, jackson-core, jackson-databind fixes the following issues - CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation bsc1268897. - CVE-2026-54513: jackson-databind has an array...
CVE-2026-41006 Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration
Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3...
VMware Spring HATEOAS 访问控制错误漏洞
VMware Spring HATEOAS is a REST API hypermedia development framework provided by the American company VMware. Vulnerabilities in access control exist in versions 1.5.0 to 1.5.6, 2.3.0 to 2.3.4, 2.4.0 to 2.4.1, 2.5.0 to 2.5.2, and 3.0.0 to 3.0.3 of VMware Spring HATEOAS. This vulnerability stems...
cve-2026-41006 - HIGH - Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration
cve-2026-41006 - HIGH - Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via reflective property binding in PropertyUtils.createObjectFromProperties. An attacker can modify security-sensitive object properties by supplying crafted...
MiracleLinux 9 : jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base (AXSA:2025-10737:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10737:01 advisory. com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError CVE-2025-52999 Tenable has extracted the preceding description block...
CLSA-2025-1764847045 jackson-annotations: Fix of CVE-2025-52999
Rebuilt with the CVE-2025-52999: fixed jackson-core version - Fixed build: removed unavailable jackson-parent dependencies...
RLSA-2025:12280 Important: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Core part of Jackson that defines Streaming API as well as basic shared abstractions. Security Fixes: com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError CVE-2025-52999 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
RockyLinux 9 : jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base (RLSA-2025:12280)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:12280 advisory. com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError CVE-2025-52999 Tenable has extracted the preceding description block directly...
RHSA-2025:12283 Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Bulletin has no description...
Oracle Linux 9 : jackson-annotations, / jackson-core, / jackson-databind, / jackson-jaxrs-providers, / and / jackson-modules-base (ELSA-2025-12280)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-12280 advisory. jackson-annotations 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-100233 jackson-core 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-103636...
RHSA-2025:12281 Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Bulletin has no description...
Important: Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
An update for jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Comm...
ALSA-2025:12280 Important: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Core part of Jackson that defines Streaming API as well as basic shared abstractions. Security Fixes: com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError CVE-2025-52999 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
jackson-annotations 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-100233 jackson-core 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-103636 jackson-databind 2.19.1-1 - Update to version 2.19.1 - Resolves: RHEL-100233 jackson-jaxrs-providers 2.19.1-1 - Update to version 2.19.1 -...
OPENSUSE-SU-2024:12100-1 jackson-annotations-2.13.0-3.1 on GA media
These are all security issues fixed in the jackson-annotations-2.13.0-3.1 package on the GA media of openSUSE Tumbleweed...
[SECURITY] Fedora 40 Update: jackson-annotations-2.16.1-3.fc40
Core annotations used for value types, used by Jackson data-binding package...
[SECURITY] Fedora 40 Update: jackson-databind-2.16.1-4.fc40
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...