| Vulnerable Component Details | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Type | Namespace | Name | Version | Package URL | ||||||||||||||
| maven | com.fasterxml.jackson.core | jackson-databind | 2.11.4 | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.11.4?type=jar | ||||||||||||||
| Vulnerability Details | ||||||||||||||||||
| ID | GHSA-57j2-w4cx-62h2 | |||||||||||||||||
| Description | jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | |||||||||||||||||
| Recommendation | Upgrade to version 2.12.6.1, 2.12.2.1 or above.. || State: fixed | Fix Versions: 2.12.6.1 | |||||||||||||||||
| Ratings |
|
|||||||||||||||||
| Related Vulnerabilities | ||||||||||||||||||
| Found By | Anchore Grype , Aquasec Trivy , Sonotype OSS-Index , Gitlab Gemnasium | |||||||||||||||||
| References / Advisories |
|
|||||||||||||||||
| Weakness Enumeration | ||||||||||||||||||