CPE Details
FasterXML Jackson-databind 2.11.3
2.11.3
2022-09-07
13h15 +00:00
13h15 +00:00
2023-09-12
18h28 +00:00
18h28 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:fasterxml:jackson-databind:2.11.3:*:*:*:*:*:*:*
Informations
Vendor
fasterxmlProduct
jackson-databindVersion
2.11.3Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. | 4.7 |
Medium |
||
| jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. | 7.5 |
High |
||
| In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | 7.5 |
High |
||
| In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. | 7.5 |
High |
||
| jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | 7.5 |
High |
2025©
tesweb SA
