VYPR

rpm package

suse/jackson-databind&distro=SUSE Enterprise Storage 7

pkg:rpm/suse/jackson-databind&distro=SUSE%20Enterprise%20Storage%207

Vulnerabilities (5)

  • CVE-2022-42004Oct 2, 2022
    affected < 2.13.4.2-150200.3.12.1fixed 2.13.4.2-150200.3.12.1

    In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

  • CVE-2022-42003Oct 2, 2022
    affected < 2.13.4.2-150200.3.12.1fixed 2.13.4.2-150200.3.12.1

    In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

  • CVE-2020-36518Mar 11, 2022
    affected < 2.13.0-150200.3.9.1fixed 2.13.0-150200.3.9.1

    jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

  • CVE-2020-28491Feb 18, 2021
    affected < 2.13.0-150200.3.9.1fixed 2.13.0-150200.3.9.1

    This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

  • CVE-2020-25649Dec 3, 2020
    affected < 2.13.0-150200.3.9.1fixed 2.13.0-150200.3.9.1

    A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.