Fasterxml

Jackson-databind

79 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.24%
  • Veröffentlicht 23.06.2026 21:17:02
  • Zuletzt bearbeitet 27.06.2026 20:51:09

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, in BeanDeserializer._deserializeUsingPropertyBased, the active-view (@JsonView) filter was applied...

  • EPSS 0.28%
  • Veröffentlicht 23.06.2026 21:17:02
  • Zuletzt bearbeitet 27.06.2026 20:52:12

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector._renameProperties() allows a property with @JsonProperty("renamed") on the...

  • EPSS 0.35%
  • Veröffentlicht 23.06.2026 21:17:02
  • Zuletzt bearbeitet 29.06.2026 13:38:59

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual(), per-property @JsonIgnoreProperties exclusions ...

  • EPSS 0.22%
  • Veröffentlicht 23.06.2026 21:17:02
  • Zuletzt bearbeitet 27.06.2026 20:55:09

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddress(host, p...

  • EPSS 0.68%
  • Veröffentlicht 23.06.2026 21:17:02
  • Zuletzt bearbeitet 09.07.2026 13:17:29

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray() allowlists any array type b...

Exploit
  • EPSS 0.62%
  • Veröffentlicht 23.06.2026 21:17:02
  • Zuletzt bearbeitet 27.06.2026 21:01:36

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator (PTV) is the primary safety mechanism guardin...

Exploit
  • EPSS 0.62%
  • Veröffentlicht 23.06.2026 21:17:01
  • Zuletzt bearbeitet 27.06.2026 21:05:59

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when attacker sends deeply nested JSON if (and only if) the service rea...

  • EPSS 0.21%
  • Veröffentlicht 23.06.2026 21:02:07
  • Zuletzt bearbeitet 27.06.2026 20:49:30

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties() replays buffered JSON into creator pa...

Medienbericht
  • EPSS 0.63%
  • Veröffentlicht 25.06.2025 17:02:57
  • Zuletzt bearbeitet 15.04.2026 00:35:42

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing ...

  • EPSS 0.35%
  • Veröffentlicht 14.06.2023 14:15:10
  • Zuletzt bearbeitet 21.11.2024 08:07:58

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the...