Skip to content

Commit eb8029f

Browse files
Merge pull request #2621 from IABTechLab/bmz-UID2-7364-jackson-databind-cve
UID2-7364: Suppress CVE-2026-54512 / CVE-2026-54513 (jackson-databind)
2 parents 117a894 + 4553c1c commit eb8029f

1 file changed

Lines changed: 8 additions & 0 deletions

File tree

.trivyignore

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,3 +36,11 @@ CVE-2026-42577 exp:2026-09-11
3636
# libcrypto3 C library. No JNI or OpenSSL calls in source. Attack vector (malformed
3737
# PKCS#7/S/MIME parsing) is not reachable from this service. See: UID2-7279
3838
CVE-2026-45447 exp:2026-07-11
39+
40+
# jackson-databind data-binding vulnerability - no upstream fix released yet (fix targets: 2.18.8, 2.21.4, 3.1.4)
41+
# jackson-databind is pulled in transitively via uid2-shared; the version fix is tracked in
42+
# uid2-shared (https://github.com/IABTechLab/uid2-shared/pull/631) and will flow here on the
43+
# next uid2-shared release. Suppressing in the interim.
44+
# See: UID2-7364
45+
CVE-2026-54512 exp:2026-07-25
46+
CVE-2026-54513 exp:2026-07-25

0 commit comments

Comments
 (0)