sonatype-2017-000880

jackson-databind - Missing type checks when using polymorphic type ids

Published Jun 4, 2026

CVSS ScoreMedium

6.9

sonatype-2017-000880

jackson-databind - Missing type checks when using polymorphic type ids

Published Jun 4, 2026

CVSS ScoreMedium

6.9

CVE ID: sonatype-2017-000880
CWE: N/A
CVE Description: jackson-databind - Missing type checks when using polymorphic type ids
Published: Jun 4, 2026
CVSS Score & Severity: 6.9Medium
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: com/fasterxml/jackson/databind/jsontype/impl/ClassNameIdResolver._typeFromId(Ljava/lang/String;Lcom/fasterxml/jackson/databind/DatabindContext;)Lcom/fasterxml/jackson/databind/JavaType;
JVMVulnerable params: 0
Affected Ecosystems: affected
Source: Sonatype
References: GitHub · Issue #1735PROJECT

CVE ID: sonatype-2017-000880
CWE: N/A
CVE Description: jackson-databind - Missing type checks when using polymorphic type ids
Published: Jun 4, 2026
CVSS Score & Severity: 6.9Medium
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: com/fasterxml/jackson/databind/jsontype/impl/ClassNameIdResolver._typeFromId(Ljava/lang/String;Lcom/fasterxml/jackson/databind/DatabindContext;)Lcom/fasterxml/jackson/databind/JavaType;
JVMVulnerable params: 0
Affected Ecosystems: affected
Source: Sonatype
References: GitHub · Issue #1735PROJECT

Find vulnerabilities. Fix fast with AI.