High severityNVD Advisory· Published Mar 18, 2023· Updated Feb 26, 2025
CVE-2021-46877
CVE-2021-46877
Description
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.fasterxml.jackson.core:jackson-databindMaven | >= 2.10.0, < 2.12.6 | 2.12.6 |
com.fasterxml.jackson.core:jackson-databindMaven | >= 2.13.0, < 2.13.1 | 2.13.1 |
Affected products
15- jackson-databind/jackson-databinddescription
- osv-coords14 versionspkg:apk/chainguard/cassandra-reaperpkg:apk/chainguard/management-api-for-apache-cassandra-4.0pkg:apk/chainguard/management-api-for-apache-cassandra-4.0-compatpkg:apk/chainguard/management-api-for-apache-cassandra-4.1pkg:apk/chainguard/management-api-for-apache-cassandra-5.0pkg:apk/chainguard/management-api-for-apache-cassandra-5.0-compatpkg:apk/chainguard/request-1277pkg:apk/chainguard/scala-3.8pkg:apk/wolfi/cassandra-reaperpkg:apk/wolfi/management-api-for-apache-cassandra-4.1pkg:apk/wolfi/management-api-for-apache-cassandra-5.0pkg:apk/wolfi/management-api-for-apache-cassandra-5.0-compatpkg:apk/wolfi/scala-3.8pkg:maven/com.fasterxml.jackson.core/jackson-databind
< 4.0.1-r1+ 13 more
- (no CPE)range: < 4.0.1-r1
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.109-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 3.8.4-r1
- (no CPE)range: < 4.0.1-r1
- (no CPE)range: < 0.1.109-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 0.1.89-r0
- (no CPE)range: < 3.8.4-r1
- (no CPE)range: >= 2.10.0, < 2.12.6
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-3x8x-79m2-3w2wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-46877ghsaADVISORY
- github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cbghsaWEB
- github.com/FasterXML/jackson-databind/issues/3328ghsaWEB
- groups.google.com/g/jackson-user/c/OsBsirPM_VwghsaWEB
News mentions
0No linked articles in our index yet.