Skip to content

Commit d110a09

Browse files
Merge pull request #412 from IABTechLab/bmz-UID2-7364-jackson-databind-cve
UID2-7364: Suppress CVE-2026-54512 / CVE-2026-54513 (jackson-databind)
2 parents 25171bf + fc1cd2e commit d110a09

1 file changed

Lines changed: 8 additions & 0 deletions

File tree

.trivyignore

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,3 +14,11 @@ GHSA-72hv-8253-57qq exp:2026-09-01
1414
# LB-level connection limits and idle timeouts further cap the blast radius. CVSS impact is
1515
# Availability only (C:N/I:N/A:H). Tracking via UID2-7035; revisit on vert.x 5 migration.
1616
CVE-2026-42577 exp:2026-09-11
17+
18+
# jackson-databind data-binding vulnerability - no upstream fix released yet (fix targets: 2.18.8, 2.21.4, 3.1.4)
19+
# jackson-databind is pulled in transitively via uid2-shared; the version fix is tracked in
20+
# uid2-shared (https://github.com/IABTechLab/uid2-shared/pull/631) and will flow here on the
21+
# next uid2-shared release. Suppressing in the interim.
22+
# See: UID2-7364
23+
CVE-2026-54512 exp:2026-07-25
24+
CVE-2026-54513 exp:2026-07-25

0 commit comments

Comments
 (0)