WS-2018-0124
Published:May 19, 2026
Updated:May 19, 2026
In Jackson Core before version 2.8.6 if the REST endpoint consumes POST requests with JSON or XML data and data are invalid, the first unrecognized token is printed to server.log. If the first token is word of length 10MB, the whole word is printed. This is potentially dangerous and can be used to attack the server by filling the disk with logs.
Affected Packages
pepgenome (CONDA):
Affected version(s) =1.1.betaFix Suggestion:
Update to version no_fixbeakerx (CONDA):
Affected version(s) >=0.3.0.dev0 <0.12.0Fix Suggestion:
Update to version 0.12.0r-awr (CONDA):
Affected version(s) =1.11.189 <1.11.189_1Fix Suggestion:
Update to version 1.11.189_1mpa-portable (CONDA):
Affected version(s) =1.4.1 <1.9.0Fix Suggestion:
Update to version 1.9.0beakerx (CONDA):
Affected version(s) >=0.12.2 <=1.4.1Fix Suggestion:
Update to version no_fixnextflow (CONDA):
Affected version(s) =0.31.1 <0.32.0Fix Suggestion:
Update to version 0.32.0pyspark (CONDA):
Affected version(s) >=2.1.0 <3.0.0Fix Suggestion:
Update to version 3.0.0flapjack (CONDA):
Affected version(s) >=1.16.10.31 <=1.20.10.07Fix Suggestion:
Update to version no_fixnextflow (CONDA):
Affected version(s) >=0.27.0 <0.31.0Fix Suggestion:
Update to version 0.31.0womtool (CONDA):
Affected version(s) =52 <53Fix Suggestion:
Update to version 53wdltool (CONDA):
Affected version(s) >=0.6 <=0.14Fix Suggestion:
Update to version no_fixopenrefine (CONDA):
Affected version(s) =2.7 <3.4Fix Suggestion:
Update to version 3.4pepquery (CONDA):
Affected version(s) >=1.3.0 <2.0.2Fix Suggestion:
Update to version 2.0.2womtool (CONDA):
Affected version(s) >=31 <50Fix Suggestion:
Update to version 50cromwell (CONDA):
Affected version(s) >=0.19.4 <40Fix Suggestion:
Update to version 40nextflow (CONDA):
Affected version(s) >=19.01.0 <21.04.0Fix Suggestion:
Update to version 21.04.0jetbrains.rider.frontend4 (NUGET):
Affected version(s) =202.0.20201215.161733 <202.0.20200820.182208Fix Suggestion:
Update to version 202.0.20200820.182208oraclenosqldriver (NUGET):
Affected version(s) >=12.4.5 <=12.4.5.4Fix Suggestion:
Update to version no_fixoracle.kv.client (NUGET):
Affected version(s) =12.4.20170407 <12.4.1Fix Suggestion:
Update to version 12.4.1stesabvba/horizon (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixziack/jasperphp (PHP):
Affected version(s) =dev-pr/79Fix Suggestion:
Update to version no_fixvufind/vufind (PHP):
Affected version(s) =dev-legacy/jquerymobile <dev-legacy/mink-autoretryFix Suggestion:
Update to version dev-legacy/mink-autoretryziack/jasperphp (PHP):
Affected version(s) >=v1.0.0 <2.8.0Fix Suggestion:
Update to version 2.8.0eihen/jasperstarter-bin (PHP):
Affected version(s) >=v3.2.1.0 <v3.4.1.0Fix Suggestion:
Update to version v3.4.1.0ziack/jasperphp (PHP):
Affected version(s) =dev-development <dev-masterFix Suggestion:
Update to version dev-masterxidmonx/jasperphp (PHP):
Affected version(s) >=dev-allow-string-parameters <2.7.0Fix Suggestion:
Update to version 2.7.0vufind/vufind (PHP):
Affected version(s) >=dev-release-3.0 <v3.1Fix Suggestion:
Update to version v3.1codelab/flaskphp-identity-smartid (PHP):
Affected version(s) >=v1.4.3 <=v1.6.8Fix Suggestion:
Update to version no_fixdericktan/phpjasper (PHP):
Affected version(s) >=dev-master <v1.2Fix Suggestion:
Update to version v1.2siu-toba/jasper (PHP):
Affected version(s) >=v5.6 <=v5.6.2Fix Suggestion:
Update to version no_fixa.ambrogini/phpjasper (PHP):
Affected version(s) >=v2.7 <=2.8Fix Suggestion:
Update to version no_fixlavela/phpjasper (PHP):
Affected version(s) >=v1.3 <v2.0Fix Suggestion:
Update to version v2.0dericktan/phpjasper (PHP):
Affected version(s) >=v1.3 <=v1.5.1Fix Suggestion:
Update to version no_fixsmart145/phpjasper (PHP):
Affected version(s) >=v1.6 <v1.8Fix Suggestion:
Update to version v1.8davidecaruso/jasper-php (PHP):
Affected version(s) =v1.0.2Fix Suggestion:
Update to version no_fixdavidecaruso/jasper-php (PHP):
Affected version(s) >=dev-develop <v1.0.0Fix Suggestion:
Update to version v1.0.0copam/phpjasper7 (PHP):
Affected version(s) >=v1.0 <v1.3Fix Suggestion:
Update to version v1.3smart145/phpjasper (PHP):
Affected version(s) =v1.0 <v1.1Fix Suggestion:
Update to version v1.1vufind/vufind (PHP):
Affected version(s) =dev-feature/foundation5 <dev-release-5.0Fix Suggestion:
Update to version dev-release-5.0rdpascua/jasperstarter (PHP):
Affected version(s) >=3.1.0 <3.5.0Fix Suggestion:
Update to version 3.5.0codelab/flaskphp-identity-smartid (PHP):
Affected version(s) =v1.4.0 <v1.4.1Fix Suggestion:
Update to version v1.4.1minkbear/phpjasper (PHP):
Affected version(s) >=v1.0 <3.0.0Fix Suggestion:
Update to version 3.0.0i4n/phpjasper (PHP):
Affected version(s) =dev-master <1.1.0Fix Suggestion:
Update to version 1.1.0lopezsoft/jasperphp (PHP):
Affected version(s) >=dev-main <v2.9.3Fix Suggestion:
Update to version v2.9.3starkliew/jasperphp (PHP):
Affected version(s) >=dev-development <=v2.4.0Fix Suggestion:
Update to version no_fixcopam/phpjasper (PHP):
Affected version(s) =v1.4 <v1.5Fix Suggestion:
Update to version v1.5copam/phpjasper (PHP):
Affected version(s) >=v1.0 <1.4Fix Suggestion:
Update to version 1.4lavela/phpjasper (PHP):
Affected version(s) =dev-develop <dev-masterFix Suggestion:
Update to version dev-mastera.ambrogini/phpjasper (PHP):
Affected version(s) >=v1.2 <v2.6Fix Suggestion:
Update to version v2.6salesfusion/reporter (PHP):
Affected version(s) >=1.0.0 <1.1.4Fix Suggestion:
Update to version 1.1.4vufind/vufind (PHP):
Affected version(s) =dev-legacy/vudl <dev-pullrequest_accessib_turn-my-account-menu-into-ulFix Suggestion:
Update to version dev-pullrequest_accessib_turn-my-account-menu-into-ulsmart145/phpjasper (PHP):
Affected version(s) =v1.4 <v1.5Fix Suggestion:
Update to version v1.5smart145/phpjasper (PHP):
Affected version(s) =v1.16 <2.0Fix Suggestion:
Update to version 2.0chrmorandi/yii2-jasper (PHP):
Affected version(s) >=dev-master <v1.1.1Fix Suggestion:
Update to version v1.1.1smart145/phpjasper (PHP):
Affected version(s) =v1.10 <v1.11Fix Suggestion:
Update to version v1.11codelab/flaskphp-identity-smartid (PHP):
Affected version(s) =dev-master <v1.0.0Fix Suggestion:
Update to version v1.0.0fazo96/jasperphp (PHP):
Affected version(s) >=v1.0.0 <=v2.3.0Fix Suggestion:
Update to version no_fixgeekcom/phpjasper-laravel (PHP):
Affected version(s) >=v1.0 <=v1.1Fix Suggestion:
Update to version no_fixcossou/jasperphp (PHP):
Affected version(s) >=dev-allow-string-parameters <=dev-pr/79Fix Suggestion:
Update to version no_fixcopam/phpjasper7 (PHP):
Affected version(s) =dev-develop <dev-masterFix Suggestion:
Update to version dev-masternealis/jasperphp (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixsmart145/phpjasper (PHP):
Affected version(s) >=v2.2 <3.0.0Fix Suggestion:
Update to version 3.0.0a.ambrogini/phpjasper (PHP):
Affected version(s) >=dev-develop <v1.1Fix Suggestion:
Update to version v1.1beakerx (PYTHON):
Affected version(s) >=0.12.2 <=1.4.1Fix Suggestion:
Update to version no_fixbeakerx (PYTHON):
Affected version(s) >=0.3.0.dev0 <0.12.0Fix Suggestion:
Update to version 0.12.0Related Resources (2)
Do you need more information?
Contact UsCVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW