CVE-2026-54517
- EPSS 0.24%
- Veröffentlicht 23.06.2026 21:17:02
- Zuletzt bearbeitet 27.06.2026 20:51:09
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, in BeanDeserializer._deserializeUsingPropertyBased, the active-view (@JsonView) filter was applied...
CVE-2026-54516
- EPSS 0.28%
- Veröffentlicht 23.06.2026 21:17:02
- Zuletzt bearbeitet 27.06.2026 20:52:12
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector._renameProperties() allows a property with @JsonProperty("renamed") on the...
CVE-2026-54515
- EPSS 0.35%
- Veröffentlicht 23.06.2026 21:17:02
- Zuletzt bearbeitet 29.06.2026 13:38:59
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual(), per-property @JsonIgnoreProperties exclusions ...
CVE-2026-54514
- EPSS 0.22%
- Veröffentlicht 23.06.2026 21:17:02
- Zuletzt bearbeitet 27.06.2026 20:55:09
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddress(host, p...
CVE-2026-54513
- EPSS 0.68%
- Veröffentlicht 23.06.2026 21:17:02
- Zuletzt bearbeitet 09.07.2026 13:17:29
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray() allowlists any array type b...
CVE-2026-54512
- EPSS 0.62%
- Veröffentlicht 23.06.2026 21:17:02
- Zuletzt bearbeitet 27.06.2026 21:01:36
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator (PTV) is the primary safety mechanism guardin...
CVE-2026-50193
- EPSS 0.62%
- Veröffentlicht 23.06.2026 21:17:01
- Zuletzt bearbeitet 27.06.2026 21:05:59
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a potential Denial-of-Service exists when attacker sends deeply nested JSON if (and only if) the service rea...
CVE-2026-54518
- EPSS 0.21%
- Veröffentlicht 23.06.2026 21:02:07
- Zuletzt bearbeitet 27.06.2026 20:49:30
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties() replays buffered JSON into creator pa...
CVE-2025-52999
- EPSS 0.63%
- Veröffentlicht 25.06.2025 17:02:57
- Zuletzt bearbeitet 15.04.2026 00:35:42
jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing ...
CVE-2023-35116
- EPSS 0.35%
- Veröffentlicht 14.06.2023 14:15:10
- Zuletzt bearbeitet 21.11.2024 08:07:58
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the...