CVE-2021-46877
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-46877
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-46877.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-46877
- Aliases
- Related
- Published
- 2023-03-18T22:15:11Z
- Modified
- 2024-10-15T05:56:57.806885Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
- References
Affected packages
Debian:11 / jackson-databind
Package
- Name
- jackson-databind
- Purl
- pkg:deb/debian/jackson-databind?arch=source
Debian:12 / jackson-databind
Package
- Name
- jackson-databind
- Purl
- pkg:deb/debian/jackson-databind?arch=source
Debian:13 / jackson-databind
Package
- Name
- jackson-databind
- Purl
- pkg:deb/debian/jackson-databind?arch=source
Git / github.com/fasterxml/jackson-databind
Affected versions
jackson-databind-2.*
jackson-databind-2.10.0
jackson-databind-2.10.1
jackson-databind-2.10.2
jackson-databind-2.10.3
jackson-databind-2.10.4
jackson-databind-2.10.5
jackson-databind-2.10.5.1
jackson-databind-2.11.0
jackson-databind-2.11.0.rc1
jackson-databind-2.11.1
jackson-databind-2.11.2
jackson-databind-2.11.3
jackson-databind-2.11.4
jackson-databind-2.12.0
jackson-databind-2.12.0-rc1
jackson-databind-2.12.0-rc2
jackson-databind-2.12.1
jackson-databind-2.12.2
jackson-databind-2.12.3
jackson-databind-2.12.4
jackson-databind-2.12.5
jackson-databind-2.7.9.7
jackson-databind-2.8.11.5
jackson-databind-2.8.11.6
jackson-databind-2.9.10.1
jackson-databind-2.9.10.2
jackson-databind-2.9.10.3
jackson-databind-2.9.10.4
jackson-databind-2.9.10.5
jackson-databind-2.9.10.6
jackson-databind-2.9.10.7
jackson-databind-2.9.10.8