[CASSANDRA-17556] jackson-databind 2.13.2 is vulnerable to CVE-2020-36518 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 3.11.13, 4.0.4, 4.1-alpha1, 4.1
Component/s: Build
Labels:
None

Bug Category:
Security - Denial of Service
Severity:
Normal
Complexity:
Normal
Discovered By:
User Report
Platform:

All
Impacts:

None
Since Version:

4.0.3
Source Control Link:

https://github.com/apache/cassandra/commit/4bb1a07b5be16b35d33ef5a4645a1209dffa9759
Test and Documentation Plan:

Hide

run CI

Show
run CI

Description

Seems like it's technically possible to cause a DoS with nested json.

Attachments

Activity

People

Assignee:: Brandon Williams

Reporter:: Brandon Williams

Authors:: Brandon Williams

Reviewers:: Berenguer Blasi

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 13/Apr/22 19:22

Updated:: 27/May/22 19:25

Resolved:: 28/Apr/22 14:13