WS-2021-0616

Good to know:

Date: November 20, 2021

In FasterXML jackson-databind before 2.12.6 and 2.13.1, there is a denial of service (DoS) when using JDK serialization to serialize a JsonNode.

Language: Java

Severity Score

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version


CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH
