VYPR
High severityNVD Advisory· Published Mar 18, 2023· Updated Feb 26, 2025

CVE-2021-46877

CVE-2021-46877

Description

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.fasterxml.jackson.core:jackson-databindMaven
>= 2.10.0, < 2.12.62.12.6
com.fasterxml.jackson.core:jackson-databindMaven
>= 2.13.0, < 2.13.12.13.1

Affected products

15

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.