Lucene search
K

80 matches found

RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-54517

A flaw was found in jackson-databind. A remote attacker can exploit this vulnerability due to an issue in how active-view @JsonView filters are applied. Specifically, setterless collections annotated with a restricted @JsonView can be populated from attacker-controlled JSON even when the active...

5.3CVSS5.7AI score0.00237EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/23 9:22 p.m.4 views

Incomplete List of Disallowed Inputs

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the...

9.2CVSS5.8AI score0.00677EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 9:22 p.m.4 views

GHSA-RMJ7-2VXQ-3G9F jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)

Summary BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating the array's component element type against the configured allowlist. A PTV built with allowIfSubTypeIsArray plus an explicit concrete-type allowlist...

8.1CVSS5.8AI score0.00677EPSS
Exploits0References7
CVE
CVE
added 2026/06/23 8:48 p.m.39 views

CVE-2026-54516

The CVE-2026-54516 vulnerability affects jackson-databind where, from 2.21.0 through 2.21.4 and in 3.1.4, POJOPropertiesCollector._renameProperties() can rename a property annotated with @JsonProperty("renamed") on the getter while the setter is annotated with @JsonIgnore. When MapperFeature.INFE...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Jackson-Databind

FasterXML Jackson-Databind 2.x versions before 2.9.10.8 mishandle the interaction between serialization gadgets and typing, related to com.newrelic agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource...

8.1CVSS8AI score0.04912EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-0191

Malware in sbrugna...

9.8CVSS9.1AI score0.10599EPSS
Exploits0References56
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-0658

Malware in sbrugna...

9.8CVSS7.8AI score0.04918EPSS
Exploits0References62
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0384

Malware in sbrugna...

8.1CVSS8.5AI score0.05594EPSS
Exploits0References26
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0497

Malware in sbrugna...

8.1CVSS8.5AI score0.04511EPSS
Exploits0References21
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0495

Malware in sbrugna...

8.1CVSS7.4AI score0.08607EPSS
Exploits0References26
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2511

Malware in sbrugna...

8.1CVSS8.5AI score0.10911EPSS
Exploits1References18
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-0420

Malware in sbrugna...

9.8CVSS7.6AI score0.0544EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-14540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. CVE-2019-14540 Note that...

9.8CVSS7.3AI score0.10676EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2020-36181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.8CVSS7.1AI score0.05018EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2020-9548

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to...

9.8CVSS7.4AI score0.18345EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-10673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceR...

8.8CVSS7AI score0.07963EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-14718

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from...

9.8CVSS8.5AI score0.12679EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-36186

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS7.1AI score0.05218EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2020-36185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS7.1AI score0.05218EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-12022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific...

7.5CVSS8AI score0.07289EPSS
Exploits0References2
Rows per page
Query Builder