396 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-54512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4,...
jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)
Summary BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating the array's component element type against the configured allowlist. A PTV built with allowIfSubTypeIsArray plus an explicit concrete-type allowlist...
DEBIAN-CVE-2026-54512
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...
CVE-2026-54512
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...
UBUNTU-CVE-2026-54512
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...
CVE-2026-54512
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...
CVE-2026-54512
jackson-databind contains a PolymorphicTypeValidator (PTV) bypass vulnerability. When polymorphic typing is enabled and the type ID includes generic parameters, DatabindContext._resolveAndValidateGeneric() validates only the raw container class name, then parses the full canonical type without va...
EUVD-2026-38595
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...
PT-2026-51595
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.10.0 through 2.18.7 jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.1.0 through 3.1.3 Description An issue exists in the PolymorphicTypeValidator PTV, the primary safety mechanism for...
EUVD-2019-0186
Malware in sbrugna...
EUVD-2020-0440
Malware in sbrugna...
EUVD-2019-0182
Malware in sbrugna...
EUVD-2019-0181
Malware in sbrugna...
EUVD-2019-0191
Malware in sbrugna...
EUVD-2020-0420
Malware in sbrugna...
EUVD-2019-0198
Malware in sbrugna...
EUVD-2019-0173
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-14720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK...
Linux Distros Unpatched Vulnerability : CVE-2019-12384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from...
Linux Distros Unpatched Vulnerability : CVE-2018-19362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from...