Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in `ReaderBasedJsonParser.java` and `UTF8DataInputJsonParser.java`, when processing deeply nested data. A regression in 3.0 versions caused the `StreamReadConstraints.maxNestingDepth` setting for `DataInput` to not be checked, allowing resources to be overwhelmed by malicious inputs. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `tools.jackson.core:jackson-core` to version 3.1.0 or higher.	[3.0.0-rc1,3.1.0)
H Allocation of Resources Without Limits or Throttling Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in which the non-blocking async JSON parser can be made to bypass the `maxNumberLength` constraint (default: 1000 characters) defined in `StreamReadConstraints`. An attacker can cause excessive memory allocation and CPU exhaustion by submitting JSON documents containing extremely long numeric values through the asynchronous parser interface. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `tools.jackson.core:jackson-core` to version 3.1.0 or higher.	[3.0.0,3.1.0)

Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in ReaderBasedJsonParser.java and UTF8DataInputJsonParser.java, when processing deeply nested data. A regression in 3.0 versions caused the StreamReadConstraints.maxNestingDepth setting for DataInput to not be checked, allowing resources to be overwhelmed by malicious inputs.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade tools.jackson.core:jackson-core to version 3.1.0 or higher.

[3.0.0-rc1,3.1.0)

Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in which the non-blocking async JSON parser can be made to bypass the maxNumberLength constraint (default: 1000 characters) defined in StreamReadConstraints. An attacker can cause excessive memory allocation and CPU exhaustion by submitting JSON documents containing extremely long numeric values through the asynchronous parser interface.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade tools.jackson.core:jackson-core to version 3.1.0 or higher.

[3.0.0,3.1.0)

Go back to all versions of this package