Skip to content

Case-insensitive deserialization may use wrong @JsonIgnoreProperties [CVE-2026-54515] #5962

Description

@cowtowncoder

Due to mis-applied _beanProperties, BeanDeserializerBase fails to apply @JsonIgnoreProperties in some cases.

See https://advisories.gitlab.com/maven/tools.jackson.core/jackson-databind/CVE-2026-54515/

Metadata

Metadata

Assignees

No one assigned

    Labels

    2.18Issues planned at 2.18 or later2.213.1CVEIssues related to public CVEs (security vuln reports)

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions