Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/06/23 8:56 p.m.38 views

CVE-2026-54512 jackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiation

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

8.1CVSS0.00617EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.6 views

SUSE CVE-2019-12086

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

7.5CVSS8.3AI score0.21949EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.4 views

SUSE CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource...

8.1CVSS8.7AI score0.10911EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2020/01/21 3:22 a.m.6 views

jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariDataSource gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7AI score0.04918EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2019/09/23 6:33 p.m.8 views

ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.databand:dbnd-agent (>=0.42.1 <=0.80.6) +11468 more potentially affected by CVE-2019-16335 via com.fasterxml.jackson.core:jackson-databind (>=2.7.0 <=2.8.11.4)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.7.0, =0.3.0, =0.42.1, =0.42.1, =0.40.2, =0.42.1, =0.1.8, =0.2, =0.5, =0.8.0, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =3.3.3, =3.3.8 and more Source cves: CVE-2019-16335 Source advisory: OSV:GHSA-85CW-HJ65-QQV9...

9.8CVSS6.8AI score0.04918EPSS
Exploits0
Rows per page
Query Builder