Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-36518

Опубликовано: 13 авг. 2020
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.

Отчет

CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
A-MQ Clients 2jackson-databindNot affected
Red Hat A-MQ Onlinejackson-databindNot affected
Red Hat BPM Suite 6jackson-databindOut of support scope
Red Hat build of Apicurio Registry 2jackson-databindAffected
Red Hat build of Debezium 1jackson-databindWill not fix
Red Hat CodeReady Studio 12jackson-databindOut of support scope
Red Hat Integration Camel K 1jackson-databindAffected
Red Hat Integration Service Registryjackson-databindOut of support scope
Red Hat JBoss A-MQ 6jackson-databindOut of support scope
Red Hat JBoss BRMS 6jackson-databindOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2064698jackson-databind: denial of service via a large depth of nested objects

EPSS

Процентиль: 65%
0.0049
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-36518

CVSS3: 7.5
ubuntu
больше 3 лет назад

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

nvd логотип

CVE-2020-36518

CVSS3: 7.5
nvd
больше 3 лет назад

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

debian логотип

CVE-2020-36518

CVSS3: 7.5
debian
больше 3 лет назад

jackson-databind before 2.13.0 allows a Java StackOverflow exception a ...

github логотип

GHSA-57j2-w4cx-62h2

CVSS3: 7.5
github
больше 3 лет назад

Deeply nested json in jackson-databind

oracle-oval логотип

ELSA-2024-3061

oracle-oval
около 1 года назад

ELSA-2024-3061: pki-core:10.6 and pki-deps:10.6 security update (MODERATE)

EPSS

Процентиль: 65%
0.0049
Низкий

7.5 High

CVSS3