Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1000873

Опубликовано: 24 окт. 2018
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat BPM Suite 6jackson-databindNot affected
Red Hat Decision Manager 7jackson-datatype-jsr310Not affected
Red Hat Enterprise Linux 8jackson-databindNot affected
Red Hat JBoss A-MQ 6jackson-databindNot affected
Red Hat JBoss BRMS 6jackson-databindNot affected
Red Hat JBoss Data Grid 7jackson-databindNot affected
Red Hat JBoss Data Virtualization 6jackson-databindOut of support scope
Red Hat JBoss Enterprise Application Platform 6jackson-databindNot affected
Red Hat JBoss Enterprise Application Platform 7jackson-datatype-jsr310Affected
Red Hat JBoss Fuse 6jackson-databindNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1665601jackson-modules-java8: DoS due to an Improper Input Validation

EPSS

Процентиль: 80%
0.01364
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-1000873

CVSS3: 6.5
ubuntu
около 7 лет назад

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

nvd логотип

CVE-2018-1000873

CVSS3: 6.5
nvd
около 7 лет назад

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

github логотип

GHSA-h4x4-5qp2-wp46

CVSS3: 6.5
github
около 7 лет назад

Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353

fstec логотип

BDU:2019-04401

CVSS3: 6.5
fstec
около 7 лет назад

Уязвимость модуля Jackson-Modules-Java8 Java-библиотеки для грамматического разбора JSON файлов Jackson-databind, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 80%
0.01364
Низкий

5.3 Medium

CVSS3