CVE-2021-46877, GHSA-3x8x-79m2-3w2w
maven/com.fasterxml.jackson.core/jackson-databind
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
All versions from 2.10.0 up to but not including 2.12.6, and version 2.13.0
Upgrade to versions 2.12.6, 2.13.1 or above.
2023-03-22