com.fasterxml.jackson.datatype:jackson-datatype-jsr310@2.8.5 vulnerabilities
-
latest version
2.18.0
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
2 months ago
-
licenses detected
- [2.4.0-rc2,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.fasterxml.jackson.datatype:jackson-datatype-jsr310 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 is a datatype module to make Jackson recognize Java 8 Date & Time API data types (JSR-310). Affected versions of this package are vulnerable to Improper Input Validation that can cause a Denial of Service (DoS). It appear to be exploitable via the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. How to fix Improper Input Validation? Upgrade |
[,2.9.8)
|