2 matches found
CVE-2026-41732
JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default...
Deserialization of Untrusted Data
Overview org.springframework.pulsar:spring-pulsar is a Spring Pulsar Core Affected versions of this package are vulnerable to Deserialization of Untrusted Data via trusted package validation in JsonPulsarHeaderMapper. An attacker can trigger deserialization of unintended classes by supplying...