OESA-2021-1140

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1140
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1140.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1140
Published
2021-04-07T11:02:49Z
Modified
2025-08-12T05:06:18.591032Z
Summary
jackson-dataformats-binary security update
Details

This module is a multi-module umbrella project for Jackson standard binary dataformat backends. Dataformat backends are used to support format alternatives to JSON, using general-purpose Jackson API. Formats included allow access using all 3 API styles (streaming, databinding, tree model).

Security Fix(es):

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. (CVE-2020-28491)

Database specific
{
    "severity": "High"
}
Affected packages

openEuler:20.03-LTS-SP1 / jackson-dataformats-binary

Package

Name
jackson-dataformats-binary
Purl
pkg:rpm/openEuler/jackson-dataformats-binary&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.9.4-6.oe1

Ecosystem specific

{
    "src": [
        "jackson-dataformats-binary-2.9.4-6.oe1.src.rpm"
    ],
    "noarch": [
        "jackson-dataformats-binary-2.9.4-6.oe1.noarch.rpm"
    ]
}