com.fasterxml.jackson.datatype:jackson-datatype-jsr310@2.3.3 vulnerabilities
-
latest version
2.18.1
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
17 days ago
-
licenses detected
- (Apache-2.0 OR LGPL-2.1)[2.2.0-beta1,2.4.0-rc2)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.fasterxml.jackson.datatype:jackson-datatype-jsr310 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 is a datatype module to make Jackson recognize Java 8 Date & Time API data types (JSR-310). Affected versions of this package are vulnerable to Improper Input Validation that can cause a Denial of Service (DoS). It appear to be exploitable via the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. How to fix Improper Input Validation? Upgrade |
[,2.9.8)
|