CVE-2026-59888 in jackson-databind정보

요약

\~에 의해 MITRE • 2026. 07. 14.

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore because POJOPropertiesCollector._removeUnwantedIgnorals() records an ignored component under its original implicit name before _renameUsing() applies the naming strategy, allowing the renamed JSON key to be assigned to the Record constructor parameter. This issue is fixed in versions 2.18.8, 2.21.4, and 3.1.4.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

출처

Want to stay up to date on a daily basis?

Enable the mail alert feature now!