rpm package
suse/jackson-databind&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
pkg:rpm/suse/jackson-databind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-42004 | — | < 2.13.4.2-150200.3.12.1 | 2.13.4.2-150200.3.12.1 | Oct 2, 2022 | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. | ||
| CVE-2022-42003 | — | < 2.13.4.2-150200.3.12.1 | 2.13.4.2-150200.3.12.1 | Oct 2, 2022 | In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | ||
| CVE-2020-36518 | — | < 2.13.0-150200.3.9.1 | 2.13.0-150200.3.9.1 | Mar 11, 2022 | jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | ||
| CVE-2020-28491 | — | < 2.13.0-150200.3.9.1 | 2.13.0-150200.3.9.1 | Feb 18, 2021 | This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. | ||
| CVE-2020-25649 | — | < 2.13.0-150200.3.9.1 | 2.13.0-150200.3.9.1 | Dec 3, 2020 | A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. |
- CVE-2022-42004Oct 2, 2022affected < 2.13.4.2-150200.3.12.1fixed 2.13.4.2-150200.3.12.1
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
- CVE-2022-42003Oct 2, 2022affected < 2.13.4.2-150200.3.12.1fixed 2.13.4.2-150200.3.12.1
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
- CVE-2020-36518Mar 11, 2022affected < 2.13.0-150200.3.9.1fixed 2.13.0-150200.3.9.1
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
- CVE-2020-28491Feb 18, 2021affected < 2.13.0-150200.3.9.1fixed 2.13.0-150200.3.9.1
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
- CVE-2020-25649Dec 3, 2020affected < 2.13.0-150200.3.9.1fixed 2.13.0-150200.3.9.1
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.