
WS-2021-0616
Good to know:


Date: November 20, 2021
In FasterXML jackson-databind before 2.12.6 and 2.13.1, there is a DoS when using JDK serialization to serialize JsonNode.
Language: Java
Severity Score
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400

Top Fix

Upgrade Version
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |