INFSA-2023:2312: jackson security update
Information about definition
Identifier: INFSA-2023:2312
Type: security
Release date: 2025-03-05 17:35:46 UTC
Information about package
Jackson is a suite of data-processing tools for Java, including the flagship streaming JSON parser / generator library, matching data-binding library, and additional modules to process data encoded in various other data formats.
Vulnerabilities description
- CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2020-36518 | no information | 7.5 | no information |
Updated packages