rpm package

suse/jackson-dataformats-binary&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

pkg:rpm/suse/jackson-dataformats-binary&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-36518	—	< 2.13.0-150200.3.3.3	2.13.0-150200.3.3.3	Mar 11, 2022	jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2020-28491	—	< 2.13.0-150200.3.3.3	2.13.0-150200.3.3.3	Feb 18, 2021	This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
CVE-2020-25649	—	< 2.13.0-150200.3.3.3	2.13.0-150200.3.3.3	Dec 3, 2020	A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

CVE-2020-36518Mar 11, 2022
affected < 2.13.0-150200.3.3.3fixed 2.13.0-150200.3.3.3
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2020-28491Feb 18, 2021
affected < 2.13.0-150200.3.3.3fixed 2.13.0-150200.3.3.3
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
CVE-2020-25649Dec 3, 2020
affected < 2.13.0-150200.3.3.3fixed 2.13.0-150200.3.3.3
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.