TinkerPop / TINKERPOP-2948

PRISMA security vulnerability for jackson-databind 2.14.0


Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.6.3, 3.5.6
    • Fix Version/s: 3.7.0, 3.5.7, 3.6.5
    • Component/s: server

    Description

       

      PRISMA-2023-0067 logged against jackson-databind 2.14.0

      https://github.com/FasterXML/jackson-core/pull/827

       

      com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are vulnerable to Denial of Service (DoS). The package does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended and leads to Uncontrolled Resource Consumption ('Resource Exhaustion').


          People

            Assignee: Cole Greer (colegreer)
            Reporter: Aaron Coady (acoady)
            Votes: 0
            Watchers: 3
