Jackson-databind PolymorphicTypeValidator Bypass via Generic Type Parameters
Security AdvisoryCriticalFasterXML
Affected:
- com.fasterxml.jackson.core:jackson-databind 2.10.0-2.18.7
- tools.jackson.core:jackson-databind 3.0.0-3.1.3
Fixed in:
- 2.18.8
- 2.21.4
- 3.1.4
Referenced CVEs: CVE-2026-54512 · 8.1
文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive
This content was auto-fetched from github.com, cleaned by our LLM pipeline, and translated to English. View original.