GHSA-xmc8-26q4-qjhx

Source

https://github.com/advisories/GHSA-xmc8-26q4-qjhx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-xmc8-26q4-qjhx/GHSA-xmc8-26q4-qjhx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xmc8-26q4-qjhx

Aliases

CVE-2020-28491
SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329

Published

2021-12-09T19:17:21Z

Modified

2023-11-01T04:52:56.966811Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Denial of Service (DoS) in Jackson Dataformat CBOR

Details

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 2.8.0-rc1 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

References

Affected packages

Maven / com.fasterxml.jackson.dataformat:jackson-dataformat-cbor

Package

Name: com.fasterxml.jackson.dataformat:jackson-dataformat-cbor; View open source insights on deps.dev
Purl: pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-cbor

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.8.0rc1

Fixed

2.11.4

Affected versions

2.*

2.8.0.rc1

2.8.0.rc2

2.8.0

2.8.1

2.8.2

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.8.10

2.8.11

2.9.0

2.9.0.pr1

2.9.0.pr2

2.9.0.pr3

2.9.0.pr4

2.9.1

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

2.9.10

2.10.0

2.10.0.pr1

2.10.0.pr2

2.10.0.pr3

2.10.1

2.10.2

2.10.3

2.10.4

2.10.5

2.11.0.rc1

2.11.0

2.11.1

2.11.2

2.11.3

Maven / com.fasterxml.jackson.dataformat:jackson-dataformat-cbor

Package

Name: com.fasterxml.jackson.dataformat:jackson-dataformat-cbor; View open source insights on deps.dev
Purl: pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-cbor

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.12.0rc1

Fixed

2.12.1

Affected versions

2.*

2.12.0-rc1

2.12.0-rc2

2.12.0