com.fasterxml.jackson.core:jackson-databind@2.13.1 vulnerabilities
-
latest version
2.18.1
-
latest non vulnerable version
-
first published
13 years ago
-
latest version published
19 days ago
-
licenses detected
- [2.1.0,2.2.0); [2.4.0-rc1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.fasterxml.jackson.core:jackson-databind package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Denial of Service (DoS) in the NOTE:
For this vulnerability to be exploitable the non-default How to fix Denial of Service (DoS)? Upgrade |
[2.4.0,2.12.7.1)
[2.13.0,2.13.4)
|
com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Denial of Service (DoS) in the NOTE: This vulnerability is only exploitable when the non-default How to fix Denial of Service (DoS)? Upgrade |
[2.4.0,2.12.7.1)
[2.13.0,2.13.4.1)
|
com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Denial of Service (DoS) via a large depth of nested objects. How to fix Denial of Service (DoS)? Upgrade |
[,2.12.6.1)
[2.13.0,2.13.2.1)
|