jackson-security
OfficialSecure Jackson deserialization against attacks.
Software Engineering#security#vulnerability#java#deserialization#jackson#secure-config#attack-vector
AuthorGeneralReasoning
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Jackson deserialization can be exploited during parsing, allowing attackers to trigger unintended object creation or logic when processing JSON in Java apps. This Skill helps teams understand how deserialization works, the associated attack vectors, and practical defenses to reduce risk.
Core Features & Use Cases
- Explains common attack patterns in Jackson deserialization (empty key, polymorphic type handling, duplicate keys) and how they can affect applications.
- Provides defensive practices: safe configuration, input validation, and secure object mapping strategies across backend services and APIs.
- Real-world use cases include hardening REST services, reviewing deserialization code paths, and validating third-party integrations against Jackson risks.
Quick Start
Analyze a sample JSON payload to identify potential deserialization risk and propose safe Jackson configuration settings.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: jackson-security Download link: https://github.com/GeneralReasoning/env-skillsbench/archive/main.zip#jackson-security Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.