Lucene search
+L

2941 matches found

nuclei
nuclei
added yesterday29 views

FasterXML jackson-databind - Deserialization Remote Code Execution

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap. This vulnerability allows attackers to execute arbitrary code through deserialization of...

9.8CVSS7.3AI score0.18671EPSS
Exploits0References3
nuclei
nuclei
added yesterday116 views

FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core. id: CVE-2020-9548 info: name: FasterXML Jackson Databind =2.9.10.4 - Remote Code Execution author: tomaquet18...

9.8CVSS7AI score0.18345EPSS
Exploits0References5
osv
osv
added 3 days ago4 views

CVE-2026-59889 jackson-databind: @JsonView ypassed for @JsonUnwrapped container properties on deserialization

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.18.0 until 2.18.9, 2.21.5, 2.22.1, 3.1.5, and 3.2.1, UnwrappedPropertyHandler.processUnwrapped replays buffered JSON for a @JsonUnwrapped property and calls...

6.5CVSS6.1AI score0.00416EPSS
Exploits0References6
cve
cve
added 3 days ago8 views

CVE-2026-59889

CVE-2026-59889 affects jackson-databind. UnwrappedPropertyHandler.processUnwrapped replays buffered JSON for a @JsonUnwrapped property and may bypass @JsonView guards during deserialization, enabling writes from attacker JSON under a less-privileged active view. Fixed in 2.18.9, 2.21.5, 2.22.1, 3...

6.5CVSS6.1AI score0.00416EPSS
Exploits0References4
cvelist
cvelist
added 3 days ago34 views

CVE-2026-59889 jackson-databind: @JsonView ypassed for @JsonUnwrapped container properties on deserialization

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.18.0 until 2.18.9, 2.21.5, 2.22.1, 3.1.5, and 3.2.1, UnwrappedPropertyHandler.processUnwrapped replays buffered JSON for a @JsonUnwrapped property and calls...

6.5CVSS0.00416EPSS
Exploits0References4
nvd
nvd
added 3 days ago7 views

CVE-2026-59888

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore because POJOPropertiesCollector.removeUnwantedIgnorals records an...

6.5CVSS0.00247EPSS
Exploits0References4
osv
osv
added 3 days ago3 views

CVE-2026-59888 jackson-databind: @JsonIgnore on a Record property is bypassed with a PropertyNamingStrategy

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore because POJOPropertiesCollector.removeUnwantedIgnorals records an...

6.5CVSS6.1AI score0.00247EPSS
Exploits0References6
cve
cve
added 3 days ago5 views

CVE-2026-59888

The CVE-2026-59888 issue affects Jackson Databind (Java Records) where, from 2.15.0 through 2.18.8, 2.21.4, and 3.1.4, a PropertyNamingStrategy can cause a bypass of @JsonIgnore. This occurs because POJOPropertiesCollector._removeUnwantedIgnorals() records an ignored component under its original ...

6.5CVSS6.1AI score0.00247EPSS
Exploits0References4
ptsecurity
ptsecurity
added 3 days ago5 views

PT-2026-58808

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.18.0 through 2.18.8 jackson-databind versions 2.21.0 through 2.21.4 jackson-databind versions 2.22.0 through 2.22.0 jackson-databind versions 3.1.0 through 3.1.4 jackson-databind versions 3.2.0 through 3.2.0...

6.5CVSS6.1AI score0.00416EPSS
Exploits0References10
osv
osv
added 4 days ago9 views

ROOT-APP-MAVEN-CVE-2026-54512 CVE-2026-54512 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2026-54512 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

8.1CVSS5.8AI score0.00617EPSS
Exploits1
osv
osv
added 4 days ago10 views

ROOT-APP-MAVEN-CVE-2026-54513 CVE-2026-54513 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2026-54513 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

8.1CVSS5.8AI score0.00695EPSS
Exploits0
osv
osv
added 2026/07/08 7:5 p.m.3 views

SUSE-SU-2026:2801-1 Security update for jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformats-binary, jackson-modules-base, jackson-parent

This update for jackson-annotations, jackson-bom, jackson-core, jackson-databind, jackson-dataformats-binary, jackson-modules-base, jackson-parent fixes the following issues - CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary...

8.1CVSS6.2AI score0.00695EPSS
Exploits1References10
redhat
redhat
added 2026/07/08 6:28 p.m.5 views

jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

A flaw was found in jackson-databind, a library used for processing data. This vulnerability allows an attacker to bypass security controls designed to validate data types. By sending specially crafted input, an attacker can force the system to process untrusted data, which may lead to the...

8.1CVSS6AI score0.00695EPSS
Exploits0References10
redhat
redhat
added 2026/07/08 6:28 p.m.8 views

jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass the PolymorphicTypeValidator PTV when polymorphic typing is enabled and a type identifier contains generic parameters. By crafting a malicious type ID, an attacker can place a denied class as a generic typ...

8.1CVSS6.2AI score0.00617EPSS
Exploits1References7
osv
osv
added 2026/07/07 3:1 p.m.19 views

ROOT-APP-MAVEN-CVE-2022-42003 CVE-2022-42003 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2022-42003 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.8AI score0.02706EPSS
Exploits2
osv
osv
added 2026/07/07 3:1 p.m.15 views

ROOT-APP-MAVEN-CVE-2022-42004 CVE-2022-42004 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2022-42004 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.7AI score0.02706EPSS
Exploits1
osv
osv
added 2026/07/07 2:52 p.m.9 views

ROOT-APP-MAVEN-CVE-2020-36518 CVE-2020-36518 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2020-36518 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.8AI score0.0486EPSS
Exploits1
osv
osv
added 2026/07/07 2:52 p.m.11 views

ROOT-APP-MAVEN-CVE-2021-46877 CVE-2021-46877 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2021-46877 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

7.5CVSS7.1AI score0.01124EPSS
Exploits1
osv
osv
added 2026/07/07 2:46 p.m.12 views

ROOT-APP-MAVEN-CVE-2020-25649 CVE-2020-25649 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2020-25649 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.7AI score0.17611EPSS
Exploits0
osv
osv
added 2026/07/01 9:2 a.m.2 views

OPENSUSE-SU-2026:21201-1 Security update for jackson-annotations, jackson-core, jackson-databind

This update for jackson-annotations, jackson-core, jackson-databind fixes the following issues - CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation bsc1268897. - CVE-2026-54513: jackson-databind has an array...

8.1CVSS6.1AI score0.00695EPSS
Exploits1References9
Rows per page
Query Builder