Описание
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | disputed |
| esm-apps/bionic | not-affected | disputed |
| esm-apps/focal | not-affected | disputed |
| esm-apps/jammy | not-affected | disputed |
| esm-apps/noble | not-affected | disputed |
| esm-apps/xenial | not-affected | disputed |
| esm-infra-legacy/trusty | not-affected | disputed |
| focal | not-affected | disputed |
| jammy | not-affected | disputed |
Показывать по
EPSS
4.7 Medium
CVSS3
Связанные уязвимости
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
jackson-databind through 2.15.2 allows attackers to cause a denial of ...
An issue was discovered jackson-databind thru 2.15.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
Уязвимость библиотеки Jackson-databind проекта FasterXML, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.7 Medium
CVSS3