80 matches found
CVE-2026-54517
A flaw was found in jackson-databind. A remote attacker can exploit this vulnerability due to an issue in how active-view @JsonView filters are applied. Specifically, setterless collections annotated with a restricted @JsonView can be populated from attacker-controlled JSON even when the active...
Incomplete List of Disallowed Inputs
Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the...
GHSA-RMJ7-2VXQ-3G9F jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)
Summary BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating the array's component element type against the configured allowlist. A PTV built with allowIfSubTypeIsArray plus an explicit concrete-type allowlist...
CVE-2026-54516
The CVE-2026-54516 vulnerability affects jackson-databind where, from 2.21.0 through 2.21.4 and in 3.1.4, POJOPropertiesCollector._renameProperties() can rename a property annotated with @JsonProperty("renamed") on the getter while the setter is annotated with @JsonIgnore. When MapperFeature.INFE...
Astra Linux – Vulnerability in Jackson-Databind
FasterXML Jackson-Databind 2.x versions before 2.9.10.8 mishandle the interaction between serialization gadgets and typing, related to com.newrelic agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource...
EUVD-2019-0191
Malware in sbrugna...
EUVD-2019-0658
Malware in sbrugna...
EUVD-2020-0384
Malware in sbrugna...
EUVD-2020-0497
Malware in sbrugna...
EUVD-2020-0495
Malware in sbrugna...
EUVD-2021-2511
Malware in sbrugna...
EUVD-2020-0420
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-14540
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. CVE-2019-14540 Note that...
Linux Distros Unpatched Vulnerability : CVE-2020-36181
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
Linux Distros Unpatched Vulnerability : CVE-2020-9548
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to...
Linux Distros Unpatched Vulnerability : CVE-2020-10673
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceR...
Linux Distros Unpatched Vulnerability : CVE-2018-14718
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from...
Linux Distros Unpatched Vulnerability : CVE-2020-36186
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
Linux Distros Unpatched Vulnerability : CVE-2020-36185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
Linux Distros Unpatched Vulnerability : CVE-2018-12022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific...